Re: getrandom and getentropy

To: mlelstv%serpens.de@localhost (Michael van Elst)
Subject: Re: getrandom and getentropy
From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Date: Mon, 11 May 2020 19:49:47 +0000

> Date: Mon, 11 May 2020 17:56:41 -0000 (UTC)
> From: mlelstv%serpens.de@localhost (Michael van Elst)
> 
> riastradh%NetBSD.org@localhost (Taylor R Campbell) writes:
> 
> >> Date: Mon, 11 May 2020 16:16:12 -0000 (UTC)
> >> From: mlelstv%serpens.de@localhost (Michael van Elst)
> >> 
> >> Now we put all trust in loading a constant file.
> 
> >This is still false, just like it was the last time you made this
> >claim.
> 
> We only trust a HWRNG and the seed file because only these enter
> a non-zero value for entropy. I cannot configure any other source to
> do that.

The kernel assumes anything written to /dev/random has full entropy,
so you can voluntarily choose to write something to it if you know
something the kernel and driver authors don't.

If you are satisfied with the samples of interrupt timings and
whatnot, you can always persuade the kernel with

dd if=/dev/urandom of=/dev/random bs=32 count=1

> Rebooting after writing a seed once: never blocks again, even when
> the file wouldn't change.

Please see what happens if you try to load a seed file from a
read-only medium.  For example, boot into single-user mode and issue

rndctl -L /var/db/entropy-file

without mounting the root file system read/write first.

And next time, please take concerns about this to the thread that's
_not_ meant to be focussed on a question about public C API choice.

References:
- Re: getrandom and getentropy
  - From: Michael van Elst

Prev by Date: Re: getrandom and getentropy
Next by Date: Re: getrandom and getentropy
Previous by Thread: Re: getrandom and getentropy
Next by Thread: Re: getrandom and getentropy
Indexes:

Home | Main Index | Thread Index | Old Index