[Ach] removed outdated info on Linux RNG / haveged
Aaron Zauner
azet at azet.org
Mon May 8 05:13:17 CEST 2017
* Aaron Zauner <azet at azet.org> [08/05/2017 04:58:55] wrote:
>
> https://patchwork.kernel.org/patch/9173491/
> https://patchwork.kernel.org/patch/9501595/
> https://github.com/torvalds/linux/blob/master/drivers/char/random.c#L745
BTW: current thinking by many in the Linux/FOSS community on entropy
depletion and how the RNG in Linux works is impacted by an entirely
misleading manpage (random(4)) that's been finally fixed recently:
https://bugzilla.kernel.org/show_bug.cgi?id=71211
it now says:
```
Usage
The /dev/random interface is considered a legacy interface, and
/dev/urandom is preferred and sufficient in all use cases, with the
exception of applications which require randomness during early boot
time; for these applications, getrandom(2) must be used instead,
because it will block until the entropy pool is initialized.
If a seed file is saved across reboots as recommended below (all
major Linux distributions have done this since 2000 at least), the
output is cryptographically secure against attackers without local
root access as soon as it is reloaded in the boot sequence, and
perfectly adequate for network encryption session keys. Since reads
from /dev/random may block, users will usually want to open it in
nonblocking mode (or perform a read with timeout), and provide some
sort of user notification if the desired entropy is not immediately
available.
```
(http://man7.org/linux/man-pages/man4/random.4.html)
Aaron
[off-topic: people tell me there's Riseup swag around these days,
is it publicly available on-line somewhere? :)]