tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /dev/random is hot garbage

I don't think we should change /dev/random.   For a very long time, the
notion is that the bits from /dev/random really are ok for keys, and
there has been a notion that such bits are precious and you should be
prepared to wait.  If you aren't generating a key, you shouldn't read
from /dev/random.

So I think rust is wrong and should be fixed.

I can see the reason for frustration, but I believe that we should not
break things that are sensible because they are abused and cause
problems in some environments.

It would also be reasonable to have a sysctl to allow /dev/random to
return bytes anyway, like urandom would, and to turn this on for our xen
builders, as a different workaround.  That's easy, and it doesn't break
the way things are supposed to be for people that don't ask for it.

Also, on the xen build hosts, it would perhaps be good to turn on
entropy collection from network and disk.

Another approach, harder, is to create a xenrnd(4) pseudodevice and
hypervisor call that gets bits from the host's /dev/random and injects
them as if from a hardware rng.

Home | Main Index | Thread Index | Old Index