Re: Feeding /dev/random with /dev/urandom

From: Juha Laiho (Juha.Laiho_at_iki.fi)
Date: 04/28/04

Next message: Jim Hatfield: "Re: sFTP compared with FTP via VPN"
Previous message: erm67: "Feeding /dev/random with /dev/urandom"
In reply to: erm67: "Feeding /dev/random with /dev/urandom"
Next in thread: erm67: "Re: Feeding /dev/random with /dev/urandom"
Reply: erm67: "Re: Feeding /dev/random with /dev/urandom"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Apr 2004 16:32:03 GMT

ermscag@tin.it (erm67) said:
>The latest linux kernel features a blocking /dev/random device, that
>is it will block when the available entropy is not sufficient. I found
>that some motherboards has a hw randomness generator and that it can
>be used, with rngd from http://sourceforge.net/projects/gkernel/ to
>feed /dev/random so that its entropy pools are always ready.
>My motherboard doesn't have this device and besides is very slow thus
>/dev/random often blocks.
>The 'solution' I found is to instruct rngd to read from /dev/urandom
>(non blocking) and to feed /dev/random.
>Of course this seems quite silly even to me :-) but now
>/proc/sys/kernel/random/entropy_avail always reports that entropy is
>available and all apps reading /dev/random no longer blocks.
>The question the random number from /dev/random are still 'good' is
>using this method?

Hmm.. at least initially I wouldn't consider that kind of force-fed
/dev/random any more random than the /dev/urandom data that is fed
to it. So, what would be more proper would be to assess which programs
really need the security provided by /dev/random, and which can live
with just /dev/urandom data.

-- 
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

Next message: Jim Hatfield: "Re: sFTP compared with FTP via VPN"
Previous message: erm67: "Feeding /dev/random with /dev/urandom"
In reply to: erm67: "Feeding /dev/random with /dev/urandom"
Next in thread: erm67: "Re: Feeding /dev/random with /dev/urandom"
Reply: erm67: "Re: Feeding /dev/random with /dev/urandom"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Feeding /dev/random with /dev/urandom
... The latest linux kernel features a blocking /dev/random device, ... is it will block when the available entropy is not sufficient. ... that some motherboards has a hw randomness generator and that it can ... The 'solution' I found is to instruct rngd to read from /dev/urandom ...
(comp.security.unix)
Re: Feeding /dev/random with /dev/urandom
... ]is it will block when the available entropy is not sufficient. ... ]that some motherboards has a hw randomness generator and that it can ... ]The 'solution' I found is to instruct rngd to read from /dev/urandom ... ](non blocking) and to feed /dev/random. ...
(comp.security.unix)