tech-kern archive


Re: /dev/random is hot garbage



I don't think we should change /dev/random.  For a very long time, the
notion is that the bits from /dev/random really are ok for keys, and
there has been a notion that such bits are precious and you should be
prepared to wait.  If you aren't generating a key, you shouldn't read
from /dev/random.

So I think Rust is wrong and should be fixed.

I can see the reason for frustration, but I believe that we should not
break things that are sensible because they are abused and cause
problems in some environments.

It would also be reasonable to have a sysctl to allow /dev/random to
return bytes anyway, like urandom would, and to turn this on for our Xen
builders, as a different workaround.  That's easy, and it doesn't break
the way things are supposed to be for people that don't ask for it.

Also, on the Xen build hosts, it would perhaps be good to turn on
entropy collection from network and disk.

Another approach, harder, is to create a xenrnd(4) pseudodevice and
hypervisor call that gets bits from the host's /dev/random and injects
them as if from a hardware RNG.



