Subject: Re: /dev/random without random sources blocking forever?
To: Christos Zoulas <>
From: Bill Studenmund <>
List: tech-kern
Date: 08/21/2006 20:28:06
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 21, 2006 at 11:21:31PM +0000, Christos Zoulas wrote:
> In article <>,
> Bill Studenmund  <> wrote:
> >-=3D-=3D-=3D-=3D-=3D-
> >
> >On Mon, Aug 21, 2006 at 01:20:59PM -0700, Garrett D'Amore wrote:
> >>=20
> >> Yes, without random sources, you can't get any entropy bits.  Solution
> >> is to add sources for entropy.  Alternatively, use /dev/urandom which
> >> gives back data without blocking, but might not be cryptographically r=
> >
> >If you don't have ANY entropy sources, wouldn't it be better to error ou=
> >on the read? Yes, if you don't have any entropy sources, you shouldn't u=
> >/dev/random. But "Don't do that" seems a better response than blocking=
> >forever.
> How about /dev/urandom?

That's a different question. Yes, if you don't have any entropy sources,=20
you should use /dev/urandom. But what do you do with code that is=20
hard-coded (or misconfigured) to still use /dev/random? Do you let it spin=
forever, or do you tell it, "No, that won't work." It's kinda like, "You=20
missed a turn back there. Do you run off the cliff, or do you stop just at=
the barrier before the cliff?"

To be honest, does it make sense for you to be able to open /dev/random=20
without any real entropy sources available? Userland can't add entropy=20
sources, so we don't need a control channel.

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.3 (NetBSD)