[PATCH] getrandom: new applet

Etienne Champetier champetier.etienne at gmail.com
Mon Jul 4 09:00:35 UTC 2016


Hi Denys

TLDR: /dev/urandom is safe once initialized,
initialization takes a long time on embedded devices
=> use getrandom() to wait for initialization and be safe

2016-07-03 18:44 GMT+02:00 Denys Vlasenko <vda.linux at googlemail.com>:
> On Tue, Jun 28, 2016 at 6:56 PM, Etienne CHAMPETIER
> <champetier.etienne at gmail.com> wrote:
>> first user of this applet will be LEDE (OpenWrt) to save an urandom seed
>> using getrandom() (so we are sure /dev/urandom pool is initialized)
>
>
> Please be more specific which task you want to achieve with this tool.

I want to read from /dev/urandom but only when it's initialized, and
the way to do that is the getrandom() syscall.
If you use /dev/urandom too early you might have the same state
between reboots of a router, or between multiple identical routers.

A non-busybox version of getrandom is already in LEDE (OpenWrt), I
just want to integrate it into busybox to take less space
https://git.lede-project.org/?p=project/ubox.git;a=commit;h=fdda69207d1509e0383e3da549f71666b194c40a
https://git.lede-project.org/?p=source.git;a=commit;h=9ba0dc602f7fb52c4e792922c20e8e7390d1a10c
https://git.lede-project.org/?p=source.git;a=commit;h=3946a5529132c80793a9e5ee665a3cd6b0835310

>
> I googled for this name and no such tool exists (yet?) in distros,
> I hesitate to introduce a new tool and then have an API collision
> when they add something similar.

On desktop /dev/random is initialized quite early so it's not a
problem, and in the VM world you have special drivers (virtio-rng,
vmware tools, ...) or software (pollinate, haveged, ...)
so using /dev/urandom isn't a problem

But in the embedded world (think crappy router) you don't have that
much entropy (on some of my routers it takes 1 min for /dev/urandom to
be initialized) and you don't have space or power (device on battery)
to have special software, so if you want to be sure that /dev/urandom
is initialized (has been seeded with 128 bits of entropy), you use
getrandom()

I can change the name of the applet to "bbgetrandom" to avoid API
collision in the future?

>
> BTW, I know that security people would scream bloody murder,
> but wouldn't
>
> cd /proc && cat cpuinfo meminfo stat interrupts diskstats slabinfo
> schedstat buddyinfo >/dev/random
>
> in practice work quite satisfactorily for adding some entropy at boot time?

Your cat /proc/* will be almost identical each boot, so no, it's not
adding entropy, or it's re-adding what is already used internally.
What we are trying to fight here is having the same state between
multiple reboots of the same router, or between multiple identical
routers.

> If you don't think so, can you demonstrate a setup where the output is
> predictable?

In the crypto world you prove that things are safe, and not having a
proof that it's broken doesn't mean that it's safe, it's just that you
haven't tried hard enough ;)
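
The seed-saving use case described in this message, as an added example that is not part of the original post or of the submitted patch. It assumes Linux >= 3.17 and a libc that ships <sys/random.h>; the function names and the default file name are hypothetical.

```c
/* Added example, not the applet from the patch. Assumes Linux >= 3.17 and
 * a libc with <sys/random.h> (glibc >= 2.25). Names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill buf with len bytes from the kernel CSPRNG. With flags == 0 the call
 * blocks until the pool is initialized, which reading /dev/urandom never
 * does. With GRND_NONBLOCK it fails with errno == EAGAIN instead. */
int fill_random(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t off = 0;

    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -1;          /* EAGAIN, or ENOSYS on old kernels */
        }
        off += (size_t)n;
    }
    return 0;
}

/* Write a len-byte seed (at most 512 bytes) to path, mode 0600. */
int save_seed(const char *path, size_t len)
{
    unsigned char seed[512];
    int fd, ok;

    if (len > sizeof(seed) || fill_random(seed, len, 0) < 0)
        return -1;
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    ok = write(fd, seed, len) == (ssize_t)len;
    if (close(fd) < 0)
        ok = 0;
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* Constructed default file name, for illustration only. */
    return save_seed(argc > 1 ? argv[1] : "urandom.seed", 512) ? 1 : 0;
}
```

Passing GRND_NONBLOCK to fill_random() lets a boot script distinguish "pool not initialized yet" (errno EAGAIN) from a real failure without stalling.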

