[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem with /dev/random?



 [FYI: from drivers/char/random.c]
 * 
 *      void add_keyboard_randomness(unsigned char scancode);
 *      void add_mouse_randomness(__u32 mouse_data);
 *      void add_interrupt_randomness(int irq);
 *      void add_blkdev_randomness(int irq);
 * 
 * add_keyboard_randomness() uses the inter-keypress timing, as well as the
 * scancode as random inputs into the "entropy pool".
 * 
 * add_mouse_randomness() uses the mouse interrupt timing, as well as
 * the reported position of the mouse from the hardware.
 *
 * add_interrupt_randomness() uses the inter-interrupt timing as random
 * inputs to the entropy pool.  Note that not all interrupts are good
 * sources of randomness!  For example, the timer interrupts is not a
 * good choice, because the periodicity of the interrupts is too
 * regular, and hence predictable to an attacker.  Disk interrupts are
 * a better measure, since the timing of the disk interrupts are more
 * unpredictable.
 * 
 * add_blkdev_randomness() times the finishing time of block requests.
 * 
 * All of these routines try to estimate how many bits of randomness a
 * particular randomness source.  They do this by keeping track of the
 * first and second order deltas of the event timings.

A quick reading of the code is that these sources of entropy are
automatically added if the corresponding device is present.

But sending some data to /dev/random never changes entropy_avail from 0.

   $ cat entropy_avail
   $ dd if=/dev/urandom of=/dev/random-seed count=512
   $ cat entropy_avail
   0
   512+0 records in
   512+0 records out
   0

My system is an old SMP Red Hat system that's been upgraded from 7.2 to
9 and now to FC1. I do apply lots of updated RPMs from freshrpms,
ATrpms, NewRPMs, etc. including, of course, Fedora. I'm running a stock,
unmodified kernel-smp-2.4.22-1.2188.nptl from Fedora.

The text "random" doesn't apprear in either /var/log/messages or dmesg. 

Something else is clearly wrong, but I have no clue what...

--- Vladimir

P.S. Kent, thanks for you help. Your immediate knowledge is much better
than mine.

------------------------------------------------------------------------
Vladimir G. Ivanovic                        http://leonora.org/~vladimir
2770 Cowper St.                                         vladimir acm org
Palo Alto, CA 94306-2447                                 +1 650 678 8014
------------------------------------------------------------------------
>>>>> "kb" == Kent Borg <kentborg borg org> writes:

    kb> 
    kb> On Thu, May 13, 2004 at 02:26:08PM -0700, Vladimir G. Ivanovic wrote:
    >> I am not logged in remotely but locally. I've had a "cat /dev/random"
    >> running in a GNOME Terminal tab (window) now for several hours while I
    >> read mail & surfed.
    kb> 
    kb> Eeek!
    kb> 
    kb> One of the problems with /dev/random (as opposed to /dev/urandom) is
    kb> that any user can read it, drain all the entropy, and prevent others
    kb> from getting any.  As a test it can be interesting, but don't do that
    kb> otherwise.  (Don't forget an extra cat left running on a different
    kb> console.)
    kb> 
    kb> Kill the cat.  cd to /proc/sys/kernel/random and look around.
    kb> Specifically, cat entropy_avail.  I am guessing you will see nothing.
    kb> Now cat a few bytes into /dev/random and cat entropy_avail again.  Did
    kb> any show up?  If so, then things are as I expect, you need to tell
    kb> your mouse and keyboard and other devices to contribute entropy.  I
    kb> would have to start searching through kernel sources and googling to
    kb> find out how.
    kb> 
    kb> -kb, the Kent who has run off the end of his immediate knowledge.
    kb> 
    kb> 
    kb> P.S.  Did you do a standard install?  What strange things have you
    kb> done?  (Compile your own kernel?  Mess with boot initializations?)
    kb> 
    kb> 
    kb> -- 
    kb> fedora-list mailing list
    kb> fedora-list redhat com
    kb> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
    kb> 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]