tech-kern archive


Re: Patch: new random pseudodevice



On Thu, 08 Dec 2011, Thor Lancelot Simon wrote:
The urandom device node will key the generator and output data even if the kernel entropy pool estimates that it does not have enough bits to provide an AES-128 key with full entropy. The random device node will block until sufficient bits are available from the pool to key the generator.

So, /dev/urandom will never block, and each opened file descriptor from /dev/random may block the first time you read or select from it, but will not block again until it is re-keyed after 2^31 bits (or is it bytes?) of output have been generated?

The previous /dev/random implementation would never give out more data than the estimated entropy in the pool, so callers could think that they were getting the highest quality possible. Callers will now get 2^31 bits of output and consume only 128 bits of entropy from the pool, so they may think that they are getting lower quality output.

I have this naive idea that trying to get out more than you put in is cheating, and I think it's fine for /dev/urandom to cheat, but I am not happy about /dev/random cheating. Please could you explain where I have misunderstood.

--apb (Alan Barrett)

