Recent Kernel /dev/urandom drivers
Paul Campbell
paul at taniwha.com
Sat Aug 18 05:22:46 BST 2018
A recent thread on Hacker News got me looking at the kernel /dev/random /dev/urandom driver.
It's changed: the old architecture had a feature which would periodically
spill some entropy from the input pool into the /dev/urandom to refresh its
entropy - it was controlled by /proc/sys/kernel/random/urandom_min_reseed_secs
- and by default it was 60 seconds; we had changed it to 1 second for OneRNG
by default (you would see the orange LED blink every second or so). This is
generally a good thing because people are encouraged to choose /dev/urandom
for most operations.
However, post-4.8 kernels contain a rewrite of the /dev/urandom code: there's
no longer a /dev/urandom output pool, and while
/proc/sys/kernel/random/urandom_min_reseed_secs still exists it is not
actually connected to anything - in fact no external entropy is fetched for
/dev/urandom unless /dev/random is read.
So please find attached a tiny Python script that will force entropy to be
fetched for /dev/urandom every second if the kernel pools are fullish. Feel
free to have a play, and let me know if you think it should be a standard part
of future OneRNG software releases.
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-python
Size: 373 bytes
Desc: not available
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20180818/c156cbc4/attachment.py>
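
An added example of the approach the message describes, written for this page; it is not the scrubbed attachment, whose contents are not shown here. The 75% threshold for "fullish", the 16-byte read size and all function names are assumptions; `entropy_avail` and `poolsize` are the kernel's procfs files in the same directory as `urandom_min_reseed_secs`.

```python
#!/usr/bin/env python3
"""Read a few bytes from /dev/random once a second while the pool is fullish."""
import sys
import time

RANDOM_DIR = "/proc/sys/kernel/random"  # procfs directory named in the message
FULLISH = 0.75     # assumption: "fullish" means at least 75% of poolsize
INTERVAL = 1.0     # seconds, the one-second cadence from the message
PULL_BYTES = 16    # assumption: a small read is enough to trigger a fetch


def read_int(path):
    """Return the single integer stored in a procfs-style file."""
    with open(path) as f:
        return int(f.read().strip())


def pool_is_fullish(avail, poolsize, threshold=FULLISH):
    """True when the entropy estimate is at or above threshold * poolsize."""
    return poolsize > 0 and avail >= threshold * poolsize


def pull_once(proc_dir=RANDOM_DIR, device="/dev/random", nbytes=PULL_BYTES):
    """Read nbytes from device if the pool is fullish; return bytes read."""
    avail = read_int(f"{proc_dir}/entropy_avail")
    poolsize = read_int(f"{proc_dir}/poolsize")
    if not pool_is_fullish(avail, poolsize):
        return 0  # skip: draining a low pool could starve other readers
    # Unbuffered, so only nbytes are requested from the kernel.
    with open(device, "rb", buffering=0) as dev:
        return len(dev.read(nbytes))


def main():
    while True:
        try:
            pull_once()
        except (OSError, ValueError) as exc:
            print(f"entropy pull failed: {exc}", file=sys.stderr)
        time.sleep(INTERVAL)


if __name__ == "__main__":
    main()
```

The fullness check runs before every read, so on kernels where /dev/random blocks when the estimate is low the loop skips the read instead of stalling.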