Re: Why does reading from /dev/urandom deplete entropy so much?

From: Theodore Tso
Date: Sat Dec 08 2007 - 18:46:53 EST

Next message: Theodore Tso: "Re: entropy gathering (was Re: Why does reading from /dev/urandomdeplete entropy so much?)"
Previous message: Justin Piszcz: "2.6.23.9 64-bit IRQ sharing without irqbalance with p35 vs i965?"
In reply to: Ismail DÃnmez: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Next in thread: Willy Tarreau: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Dec 09, 2007 at 12:10:10AM +0200, Ismail Dönmez wrote:
> > As long as /dev/random is readable for all users there's no reason to
> > use /dev/urandom for a local DoS...
>
> Draining entropy in /dev/urandom means that insecure and possibly not random
> data will be used and well thats a security bug if not a DoS bug.

Actually in modern 2.6 kernels there are two separate output entropy
pools for /dev/random and /dev/urandom. So assuming that the
adversary doesn't know the contents of the current state of the
entropy pool (i.e., the RNG is well seeded with entropy), you can read
all you want from /dev/urandom and that won't give an adversary
successful information to attack /dev/random.

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Theodore Tso: "Re: entropy gathering (was Re: Why does reading from /dev/urandomdeplete entropy so much?)"
Previous message: Justin Piszcz: "2.6.23.9 64-bit IRQ sharing without irqbalance with p35 vs i965?"
In reply to: Ismail DÃnmez: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Next in thread: Willy Tarreau: "Re: Why does reading from /dev/urandom deplete entropy so much?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]