LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LCE: Don't play dice with random numbers

LCE: Don't play dice with random numbers

Posted Nov 21, 2012 4:03 UTC (Wed) by vomlehn (subscriber, #45588)
In reply to: LCE: Don't play dice with random numbers by dlang
Parent article: LCE: Don't play dice with random numbers

I think the essence of the article is really that you should be very aware of how random things really are. Not too long ago, I needed to generate 10-bit values so that I could compute, at boot time, close-to-unique MAC addresses for the primary network interface. I let this algorithm run for a while, capturing the output. Good idea, because the first cut, just using the kernel equivalent of /dev/random, had nowhere near enough entropy and would have failed dismally. I ended up reading serial numbers and such in the hardware to help get me something useful.

(Log in to post comments)

LCE: Don't play dice with random numbers

Posted Nov 21, 2012 5:20 UTC (Wed) by hpa (subscriber, #48575) [Link]

This is a good example, too, of where a particular *kind* of randomness properties matters for the application - in your case, you genuinely don't care if you get the same MAC on multiple boots (in fact, it probably would be a good thing.) The important thing is to avoid collisions across multiple *systems*.

The timing of network traffic that someone mentioned is not very random, and worse, it is potentially observable, which limits its utility.

LCE: Don't play dice with random numbers

Posted Nov 23, 2012 21:23 UTC (Fri) by cesarb (subscriber, #6266) [Link]

> Good idea, because the first cut, just using the kernel equivalent of /dev/random, had nowhere near enough entropy and would have failed dismally. I ended up reading serial numbers and such in the hardware to help get me something useful.

Recent kernels have fixed that problem by reading serial numbers and such in the hardware and adding them to the pool on bot.

LCE: Don't play dice with random numbers

Posted Nov 23, 2012 21:37 UTC (Fri) by PaXTeam (subscriber, #24616) [Link]

the latent entropy plugin in PaX was designed for this purpose ;).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds