[PATCH] getrandom: new applet

Rob Landley rob at landley.net
Wed Jul 6 05:31:01 UTC 2016


On 07/05/2016 11:49 PM, Rich Felker wrote:
> On the other hand, /dev/urandom has a problem that it will give
> results before sufficient entropy has been collected, resulting in
> duplicate sequences (and thus duplicate keys generated) on identical
> devices with a fairly high probability.

Which is why you'd read a byte from /dev/random first if you need to
wait for the pool to have entropy in it? Given that there's an existing
mechanism that will block that's been here for 20 years?

You yourself are saying the removed entropy can't hurt...

> The getrandom syscall was added both to address this deficiency in
> urandom, and to address the case where random bytes are needed but no
> file descriptors are available (to protect against fd exhaustion
> attacks undermining crypto, basically).

If no file descriptors are available, you can't launch a getrandom command.

Rob

