Re: [PATCH] (0/4) Entropy accounting fixes

From: Oliver Xymoron (
Date: Sat Aug 17 2002 - 23:57:24 EST

On Sat, Aug 17, 2002 at 11:51:52PM -0400, Robert Love wrote:
> On Sat, 2002-08-17 at 23:05, Linus Torvalds wrote:
> > This is particularly true on things like embedded routers, where the
> > machine usually doesn't actually _run_ much user-level software, but is
> > just shuffling packets back and forth. Your logic seems to make it not add
> > any entropy from those packets, which can be _deadly_ if then the router
> > is also used for occasionally generating some random numbers for other
> > things.
> Agreed. Further, embedded routers - since they are headless/diskless -
> have problems even with the _current_ /dev/random code. They simply do
> not generate enough entropy to fulfill sshd requests [1].

This analysis actually stemmed from my work to port OpenSSH to a headless
(non-UNIX, non-POSIX, non-protected-memory, diskless) network appliance. SSH
only needs real entropy for the keys generated by ssh-keygen. It's
complete overkill for session keys.

And guess what? Stock Portable OpenSSH (v3.4p1) uses /dev/urandom:

# Check for user-specified random device, otherwise check /dev/urandom
        [ --with-random=FILE read entropy from FILE
> Saying "use /dev/urandom" in this case means we may as well not have a
> /dev/random. There is a difference between incorrect accounting (which
> it seems you have identified) and just too strict gathering behavior.
> Robert Love
> [1] this is why I wrote my netdev-random patches. some machines just
> have to take the entropy from the network card... there is nothing
> else.

This patch is perfectly compatible with your netdev-random patches, in
fact I encourage its resubmission after this one gets
in. /dev/urandom users will get all the benefits of network sampling
without /dev/random suffering at all.

 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 

This archive was generated by hypermail 2b29 : Fri Aug 23 2002 - 22:00:14 EST