[Ach] removed outdated info on Linux RNG / haveged

Aaron Zauner azet at azet.org
Mon May 8 05:13:17 CEST 2017

* Aaron Zauner <azet at azet.org> [08/05/2017 04:58:55] wrote:
> https://patchwork.kernel.org/patch/9173491/
> https://patchwork.kernel.org/patch/9501595/
> https://github.com/torvalds/linux/blob/master/drivers/char/random.c#L745

BTW: current thinking by many in the Linux/FOSS community on entropy
depletion and how the RNG in Linux works is impacted by an entirely
misleading manpage (random(4)) that's been finally fixed recently:
it now says:
       The /dev/random interface is considered a legacy interface, and
       /dev/urandom is preferred and sufficient in all use cases, with the
       exception of applications which require randomness during early boot
       time; for these applications, getrandom(2) must be used instead,
       because it will block until the entropy pool is initialized.

       If a seed file is saved across reboots as recommended below (all
       major Linux distributions have done this since 2000 at least), the
       output is cryptographically secure against attackers without local
       root access as soon as it is reloaded in the boot sequence, and
       perfectly adequate for network encryption session keys.  Since reads
       from /dev/random may block, users will usually want to open it in
       nonblocking mode (or perform a read with timeout), and provide some
       sort of user notification if the desired entropy is not immediately
[off-topic: people tell me there's Riseup swag around these days,
is it publicly available on-line somewhere? :)]
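As an added example (not code from this thread or from the kernel), here is the pattern the quoted random(4) text implies, in C for Linux with glibc 2.25 or newer: getrandom(2) with flags 0 as the primary source, so a caller running before the pool is initialized blocks rather than receiving unseeded output, with a /dev/urandom read used only as a fallback on kernels that lack the syscall. The function names, the fallback policy and the sanity-check helper are my own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>
#include <unistd.h>

/* Fallback for kernels without getrandom(2) (before 3.17). /dev/urandom never
 * blocks, so this path cannot promise that the pool was seeded at early boot. */
static int fill_from_urandom(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    size_t got = 0;
    if (fd < 0) return -1;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;  /* signal: retry */
        if (r <= 0) break;                      /* real error or unexpected EOF */
        got += (size_t)r;
    }
    close(fd);
    return got == n ? 0 : -1;
}

/* Fill buf with n bytes of kernel CSPRNG output; 0 on success, -1 on failure.
 * With flags == 0, getrandom(2) blocks only until the kernel's pool has been
 * initialized (the early-boot property random(4) asks for) and never after. */
int secure_random_bytes(unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = getrandom(buf + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;               /* interrupted by a signal: retry */
            if (errno == ENOSYS)        /* syscall absent: fall back */
                return fill_from_urandom(buf + got, n - got);
            return -1;
        }
        got += (size_t)r;               /* requests > 256 bytes may return short */
    }
    return 0;
}

/* Cheap sanity check (assumed helper): an all-zero buffer means the fill failed. */
int buffer_is_nonzero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    while (n--) acc |= buf[n];
    return acc != 0;
}
```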
