Problem with /dev/random?
Vladimir G. Ivanovic
vladimir at acm.org
Fri May 14 02:09:55 UTC 2004
[FYI: from drivers/char/random.c]
*
* void add_keyboard_randomness(unsigned char scancode);
* void add_mouse_randomness(__u32 mouse_data);
* void add_interrupt_randomness(int irq);
* void add_blkdev_randomness(int irq);
*
* add_keyboard_randomness() uses the inter-keypress timing, as well as the
* scancode as random inputs into the "entropy pool".
*
* add_mouse_randomness() uses the mouse interrupt timing, as well as
* the reported position of the mouse from the hardware.
*
* add_interrupt_randomness() uses the inter-interrupt timing as random
* inputs to the entropy pool. Note that not all interrupts are good
* sources of randomness! For example, the timer interrupts is not a
* good choice, because the periodicity of the interrupts is too
* regular, and hence predictable to an attacker. Disk interrupts are
* a better measure, since the timing of the disk interrupts are more
* unpredictable.
*
* add_blkdev_randomness() times the finishing time of block requests.
*
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
A quick reading of the code is that these sources of entropy are
automatically added if the corresponding device is present.
But sending some data to /dev/random never changes entropy_avail from 0.
$ cat entropy_avail
$ dd if=/dev/urandom of=/dev/random-seed count=512
$ cat entropy_avail
0
512+0 records in
512+0 records out
0
My system is an old SMP Red Hat system that's been upgraded from 7.2 to
9 and now to FC1. I do apply lots of updated RPMs from freshrpms,
ATrpms, NewRPMs, etc. including, of course, Fedora. I'm running a stock,
unmodified kernel-smp-2.4.22-1.2188.nptl from Fedora.
The text "random" doesn't appear in either /var/log/messages or dmesg.
Something else is clearly wrong, but I have no clue what...
--- Vladimir
P.S. Kent, thanks for your help. Your immediate knowledge is much better
than mine.
------------------------------------------------------------------------
Vladimir G. Ivanovic http://leonora.org/~vladimir
2770 Cowper St. vladimir at acm.org
Palo Alto, CA 94306-2447 +1 650 678 8014
------------------------------------------------------------------------
>>>>> "kb" == Kent Borg <kentborg at borg.org> writes:
kb>
kb> On Thu, May 13, 2004 at 02:26:08PM -0700, Vladimir G. Ivanovic wrote:
>> I am not logged in remotely but locally. I've had a "cat /dev/random"
>> running in a GNOME Terminal tab (window) now for several hours while I
>> read mail & surfed.
kb>
kb> Eeek!
kb>
kb> One of the problems with /dev/random (as opposed to /dev/urandom) is
kb> that any user can read it, drain all the entropy, and prevent others
kb> from getting any. As a test it can be interesting, but don't do that
kb> otherwise. (Don't forget an extra cat left running on a different
kb> console.)
kb>
kb> Kill the cat. cd to /proc/sys/kernel/random and look around.
kb> Specifically, cat entropy_avail. I am guessing you will see nothing.
kb> Now cat a few bytes into /dev/random and cat entropy_avail again. Did
kb> any show up? If so, then things are as I expect, you need to tell
kb> your mouse and keyboard and other devices to contribute entropy. I
kb> would have to start searching through kernel sources and googling to
kb> find out how.
kb>
kb> -kb, the Kent who has run off the end of his immediate knowledge.
kb>
kb>
kb> P.S. Did you do a standard install? What strange things have you
kb> done? (Compile your own kernel? Mess with boot initializations?)
kb>
kb>
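Added example, not part of the original message and not the kernel's own code: a user-space C model of the estimate described in the random.c comment quoted above, crediting entropy from the first and second order deltas of event timestamps. The struct and function names, the 12-bit cap and the timestamp arrays are assumptions constructed for illustration; it shows why a perfectly periodic timer earns no credit while irregular disk-like timings do.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-source state: previous timestamp and previous delta. */
struct timer_state { long last_time; long last_delta; };

/* Constructed sample timestamps (arbitrary tick units). */
static const long TIMER_TICKS[] = {100, 200, 300, 400, 500, 600};
static const long DISK_EVENTS[] = {100, 237, 251, 419, 502, 890};

/* Number of bits needed to represent v (0 when v == 0). */
static int bit_length(unsigned long v)
{
    int n = 0;
    while (v) { n++; v >>= 1; }
    return n;
}

/* Feed one event timestamp and return the entropy credit in bits. */
int credit_event(struct timer_state *s, long now)
{
    long delta = now - s->last_time;      /* first-order delta */
    long delta2 = delta - s->last_delta;  /* second-order delta */
    s->last_time = now;
    s->last_delta = delta;
    unsigned long d1 = (unsigned long)labs(delta);
    unsigned long d2 = (unsigned long)labs(delta2);
    unsigned long m = d1 < d2 ? d1 : d2;  /* trust the smaller one */
    int bits = bit_length(m >> 1);        /* conservative: halve first */
    return bits > 12 ? 12 : bits;         /* assumed per-event cap */
}

/* Total credit for n timestamps; the first two only prime the state. */
int credit_series(const long *t, int n)
{
    struct timer_state s = {0, 0};
    int total = 0;
    for (int i = 0; i < n; i++) {
        int c = credit_event(&s, t[i]);
        if (i >= 2)
            total += c;
    }
    return total;
}

int main(void)
{
    printf("timer: %d bits\n", credit_series(TIMER_TICKS, 6));
    printf("disk:  %d bits\n", credit_series(DISK_EVENTS, 6));
    return 0;
}
```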