[Pkg-sysvinit-devel] answer to your question: urandom init script
Henrique de Moraes Holschuh
hmh at debian.org
Mon Aug 2 04:08:18 UTC 2010
On Mon, 02 Aug 2010, Christoph Anton Mitterer wrote:
> On Fri, 2010-07-30 at 12:55 -0300, Henrique de Moraes Holschuh wrote:
> > I have asked the kernel developers. I was told that Linux doesn't care,
> > you cannot weaken the random pool doing uncredited writes (like we do)
> > because the transformation used by the pool itself is fully reversible,
> > and no information is ever lost, so you cannot dilute it.
> Ah... that sounds nice... can you point me to the mailing list thread
> where this was discussed?
Archives at: http://lists.alioth.debian.org/pipermail/pkg-sysvinit-devel/
See bug 587665 threads.
> I've always wondered how this works, that one cannot dilute the pool by
> feeding any data into it... just imagine one uses very specially crafted
> data.
If it is reversible, it cannot be diluted. If it can be diluted, it is
not reversible. Obviously, we are talking about shuffling ("seeding") here,
when NO entropy credit happens.
> So are we/you really absolutely 10000% sure that this works? I mean it
Read the kernel code :) drivers/char/random.c. Bugs can happen, if you
find one, please tell us ASAP!
> would be a catastrophe if we'd accidentally corrupt the random pool,
> even if it's just /dev/urandom (or did this also affect /dev/random?).
Writing to /dev/random and /dev/urandom performs exactly the same operation.
> Many crypto-programs use this... the OpenSSL disaster could be nothing
> compared to problems at that level ;)
Yes.
> > When in doubt, it looks like we can simply always use 4096 bytes.
> Is the pool never larger?
Currently, it seems to be locked to 512 bytes (4096 bits).
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
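
The reversibility argument made in this message, as an added example that is not part of the original post and is not kernel code: a toy 16-bit pool with one reversible and one lossy mixing step, counting how many pool states remain possible after an uncredited write of input chosen by the writer. The functions mix_reversible, mix_lossy and reachable_states are hypothetical names, and neither mix is the one in drivers/char/random.c.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATES 65536u /* toy 16-bit pool, small enough to enumerate fully */
typedef uint16_t (*mix_fn)(uint16_t pool, const uint8_t *in, size_t n);

static uint16_t rotl16(uint16_t x, unsigned r)
{
    return (uint16_t)((x << r) | (x >> (16u - r)));
}

/* Reversible: rotate, XOR the byte in, multiply by an odd (invertible mod 2^16) constant. */
uint16_t mix_reversible(uint16_t pool, const uint8_t *in, size_t n)
{
    for (size_t i = 0; i < n; i++)
        pool = (uint16_t)((uint16_t)(rotl16(pool, 3) ^ in[i]) * 0x9E37u);
    return pool;
}

/* Lossy, for contrast: AND clears pool bits wherever the mask bit is 0. */
uint16_t mix_lossy(uint16_t pool, const uint8_t *in, size_t n)
{
    for (size_t i = 0; i < n; i++)
        pool = (uint16_t)(rotl16(pool, 3) & (0xFF00u | in[i]));
    return pool;
}

/* Mix one fixed input into every starting pool; count the distinct results. */
unsigned reachable_states(mix_fn mix, const uint8_t *in, size_t n)
{
    static uint8_t seen[STATES];
    unsigned count = 0;
    memset(seen, 0, sizeof seen);
    for (uint32_t s = 0; s < STATES; s++) {
        uint16_t out = mix((uint16_t)s, in, n);
        if (!seen[out]) { seen[out] = 1; count++; }
    }
    return count;
}

int main(void)
{
    const uint8_t zeros[16] = {0}; /* constructed input chosen by the writer */
    printf("reversible: %u\n", reachable_states(mix_reversible, zeros, sizeof zeros));
    printf("lossy:      %u\n", reachable_states(mix_lossy, zeros, sizeof zeros));
    return 0;
}
```

With the reversible mix every one of the 65536 starting states maps to a different result whatever bytes are written, so an observer who knew nothing about the pool before the write knows nothing more after it; the lossy mix collapses all states into one.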