Re: How random is random?

On May 11, 2:15 pm, "Colin B." <cbi...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
ottomeis...@xxxxxxxx wrote:
On May 11, 12:12 pm, "Colin B." <cbi...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

$ dd if=/dev/random of=<filename> bs=x count=y conv=sync.

Ah hah! That explains some other behaviour I noticed after posting this,
namely that until a certain point, increasing bs (and decreasing count)
didn't seem to produce the behaviour I described.

Now that I actaully look at the output from dd, I can see the same thing--
0 full records and count partial records if bs is high enough (> 1040,
in this case).

But shouldn't /dev/random (on Solaris, BTW) block until it can fill the
request for whatever block size? Or can it only block between calls?

The /dev/random device should block unless the app
has gone out of its way to turn on non-blocking behaviour.
It's unlikly that 'dd' would do that; certainly the Solaris
'dd' doesn't. The old Solaris /dev/random pipe, fed by
the cryptorand daemon, could return short reads just
like any other named pipe.

But in fact I was wrong, what's happening here has
nothing to do with blocking or entropy depletion. You're
being bitten by an undocumented quirk of the Solaris
/dev/random driver, which is that the amount of data
it will deliver in response to a single read() is capped.
That cap happens to be 1040 bytes.

I suppose it's within the driver's rights to do that but
when it's mixed with 'dd' like this the result is quite
unpleasant. There are easy workarounds once you
know what's happening (e.g. keep 'bs' below 1040,
or pipe the output of 'cat /dev/random' into 'dd', or
don't use 'dd') but before you can do that you have
to actually notice that something is broken. 'dd'
does tell you, in its own cryptic fashion, that the
input records were incomplete. I doubt I'd have
spotted that.

OttoM.
__
ottomeister

Disclaimer: These are my opinions. I do not speak for my employer.

.

Relevant Pages

  • Re: ipc in java
    ... According to the man pages for Linux/IRIX/Solaris the pipe ... Solaris has bi-directional pipes. ... University of Leicester, Leicester, LE1 7RH, UK ...
    (comp.lang.java.programmer)
  • intercepting sys_pipe
    ... I'm trying to intercept a few system calls on solaris 8. ... except for pipe - i just don't seem to get it to work. ... Here's the relevant piece from truss: ...
    (comp.unix.solaris)
  • Re: pipe implementation on solaris
    ... I have a program which runs fine on Linux however ... > some times on solaris I get some unpredictable results. ... then, yes, a read from a pipe will block until there is data available. ... allowed to copy more data from its buf[] into the pipe. ...
    (comp.unix.programmer)
  • Re: random or urandom???
    ... Dragan> Here is the relevant part (granted, it's for Solaris but ... What if you didn't redirect it to a file, but pipe it into 'wc -c'? ...
    (comp.os.linux.security)
  • Re: Prozessbaum killen
    ... Du hast leider den Tipp von Werner Kolbeck und das Posting von Mark Neis ... Ein "killall" unter Solaris hat ...
    (de.comp.os.unix.shell)