[PATCH v2] getrandom: new applet

Daniel Thompson daniel.thompson at linaro.org
Wed Jun 29 15:31:10 UTC 2016


On 29/06/16 16:04, Etienne Champetier wrote:
> 2016-06-29 16:25 GMT+02:00 Daniel Thompson <daniel.thompson at linaro.org>:
>> On 29/06/16 14:54, Etienne Champetier wrote:
>>>
>>> If we want to be safe, we have to use /dev/urandom only after it's
>>> initialised.
>>> A simple test: adding this in an init script on a LEDE (OpenWrt) VM:
>>>
>>> getrandom 1 > /dev/null
>>> echo "### getrandom ###" > /dev/kmsg
>>> dd if=/dev/random of=/dev/null count=1 bs=1
>>> echo "### dd ###" > /dev/kmsg
>>>
>>> gives:
>>> [   14.321536] ### getrandom ###
>>> [   42.603677] ### dd ###
>>>
>>> And this can be worse on real hardware ..
>>
>>
>> Not clear if the above shows that dd behaves differently to getrandom or if
>> the difference is merely due to less frequent interrupts after the system is
>> booted...
>>
>> What timings do you get if you reverse the commands?
>
> You missed how the whole thing works.
> You have:
> - /dev/urandom, which never blocks
> - getrandom(), which blocks until /dev/urandom is properly initialized
> (system wide), then never blocks again and reads from /dev/urandom
> - /dev/random, which only starts its initialization after getrandom()
> unblocks, and blocks when it estimates entropy is low
>
> So getrandom will always finish before dd, and after dd /dev/random
> unblocks you are sure getrandom doesn't block anymore.
>
> Also running getrandom 100 times will not affect other processes, whereas
> running dd /dev/random 100 times might block and block other
> /dev/random users.

Thanks for the explanation. I had indeed overlooked that the getrandom 
applet does not consume any entropy.


Daniel.
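As an added illustration of the three behaviours Etienne describes above (this is example code written for this note, not the busybox getrandom applet or anything from the patch), the following C program drives getrandom(2) through the raw syscall. crng_ready() uses GRND_NONBLOCK to ask whether the urandom pool is initialised without blocking; fill_random() is the plain blocking read the applet relies on, with the EINTR and short-read handling a real caller needs; try_random_pool() shows the /dev/random-pool behaviour that can stall dd, by asking for that pool non-blockingly. The function names are my own, and the program assumes Linux 3.17 or later with a libc that exports SYS_getrandom.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Flag values from <linux/random.h>; defined here so the program also
 * builds against a libc that predates the getrandom() wrapper. */
#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001
#endif
#ifndef GRND_RANDOM
#define GRND_RANDOM 0x0002
#endif

/* Raw syscall wrapper: works even where libc has no getrandom() function.
 * Assumes a Linux kernel >= 3.17 (when the syscall was added). */
static ssize_t sys_getrandom(void *buf, size_t len, unsigned int flags)
{
    return syscall(SYS_getrandom, buf, len, flags);
}

/* Probe, without blocking, whether the urandom pool has been initialised.
 * Returns 1 if a read would succeed now, 0 if getrandom() would still block
 * (EAGAIN), -1 on any other error. A one-byte read is enough for the probe
 * and, as the thread notes, getrandom() does not drain the /dev/random pool. */
int crng_ready(void)
{
    unsigned char probe;
    ssize_t n = sys_getrandom(&probe, 1, GRND_NONBLOCK);
    if (n == 1)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

/* Blocking read from the urandom pool, the behaviour the applet relies on:
 * blocks only until the pool is initialised, then never again.
 * Requests larger than 256 bytes may be interrupted by a signal or return
 * short, so loop until the buffer is full. Returns 0 on success, -1 on error. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = sys_getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        got += (size_t)n;
    }
    return 0;
}

/* Non-blocking read from the /dev/random pool (GRND_RANDOM). On kernels
 * before 5.6 this is the pool whose entropy estimate can run low, which is
 * what makes "dd if=/dev/random" stall. Returns the number of bytes obtained
 * (possibly fewer than requested), 0 if the kernel would have blocked
 * (EAGAIN), or -1 on any other error. */
ssize_t try_random_pool(unsigned char *buf, size_t len)
{
    ssize_t n = sys_getrandom(buf, len, GRND_RANDOM | GRND_NONBLOCK);
    if (n < 0 && errno == EAGAIN)
        return 0;
    return n;
}

int main(void)
{
    unsigned char key[32];

    printf("urandom pool initialised: %d\n", crng_ready());

    if (fill_random(key, sizeof key) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("got %zu bytes from the urandom pool\n", sizeof key);

    ssize_t n = try_random_pool(key, sizeof key);
    if (n == 0)
        printf("/dev/random pool would block right now\n");
    else if (n < 0)
        perror("getrandom(GRND_RANDOM)");
    else
        printf("got %zd bytes from the /dev/random pool without blocking\n", n);
    return 0;
}
```

On a booted system crng_ready() reports 1 immediately and fill_random() returns at once; run the same binary early in an init script on a VM like the one in the thread and the fill_random() call is the one that waits, while try_random_pool() is the only call that can report a would-block result after boot.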


More information about the busybox mailing list