Linux /dev/random changes on the way ...
bsr
tmp543901 at buckeye-express.com
Thu Jan 16 21:08:43 GMT 2020
I am wondering if there have been any new developments pertaining to this matter. Correct me if I am wrong, but if I understand correctly, the changes being implemented(?) will significantly (dare I write 'negatively') affect how external HWRNG devices such as OneRNG contribute to the kernel entropy pool.
Someone raises a question about ChaosKey here https://lwn.net/Articles/808854/
I'm not sure the answer because I remember reading Linus Torvalds referring to the second law of thermodynamics somewhere in the discussion and that implies an isolated system, hence, maybe no mixing of external HWRNG entropy in the future. Plus there are grumblings elsewhere questioning the usefulness of such devices and thus the need to support them.
To me after reading all the discussion, it seems nearly certain that the blocking pool will essentially be eliminated. Am I correct that other than the guarantee that /dev/random will block until seeding the CRNG/DRNG (ChaCha20) with 256 bits of "true" entropy, it will behave like /dev/urandom? So now we must trust the DRNG and its implementation, right? If those bits leak (state extension attack) isn't everything pwnd?
A userland only blocking entropy pool seems tricky. Some things just can't be done in userland like they are at the kernel level due to security implications and it remains to be seen how this would be implemented.
I understand the problems that arose from blocking behavior under certain circumstances and the need for a solution, but this is a monumental shift from my perspective. Depending on what comes to pass, I guess one can always build a custom kernel but that would probably be a maintinence nightmare. I realize my tin foil hat is thicker than most so maybe I sound unreasonable.
More information about the Discuss
mailing list