LCE: Don't play dice with random numbers

Posted Nov 25, 2012 16:59 UTC (Sun) by gmaxwell (subscriber, #30048)
Parent article: LCE: Don't play dice with random numbers

I'm surprised to not see any discussion of the randomness famine many Linux kernel powered systems are suffering from:

The kernel entropy pool is quite small (4kbits). It used to be possible to resize it without rebuilding the kernel and rebooting, but the resize API had an exploitable vulnerability so it was removed. Concurrently, concerns about the quality of the random data from most drivers resulted in their contributions from the pool being removed.

So on many non-desktop systems you ~only get the 100hz timer input and can't even stock up much randomness. With things like apache and ssh reading /dev/random by default this results in a lot of mysterious slowness for things like SSH logins.

I'm surprised that I haven't seen much interest or discussion in doing anything about this outside of virtualization (which has it only slightly worse than many systems).

Of course, it's usually not hard to replace random with urandom, but for systems that do sometimes generate long term keys that's a bit less than ideal.



Posted Nov 25, 2012 17:15 UTC (Sun) by gmaxwell (subscriber, #30048)

er. I should have also mentioned that most rng daemons— HAVEGE being the most obvious exception— fill far too infrequently to actually keep the tiny pool non-dry on many systems.

Posted Nov 26, 2012 22:19 UTC (Mon) by BenHutchings (subscriber, #37955)

...concerns about the quality of the random data from most drivers resulted in their contributions from the pool being removed.

This was also changed recently: all IRQs now contribute to the random pool, but with very little entropy credited (something like 1 bit per 64 IRQs).

Posted Nov 27, 2012 8:44 UTC (Tue) by kleptog (subscriber, #1183)

Hurrah! This is better. The timer interrupt on modern systems can produce something indistinguishable from random given a high enough precision time source. Of course, you don't actually know it's random so you can't credit it, but it will definitely help the generation of unpredictable numbers on otherwise quiet systems.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds