Re: Why does reading from /dev/urandom deplete entropy so much?

From: Eric Dumazet <dada1@cosmosbay.com>
To: Marc Haber <mh+linux-kernel@zugschlus.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Why does reading from /dev/urandom deplete entropy so much?
Date: Tue, 04 Dec 2007 15:16:53 +0100	[thread overview]
Message-ID: <47556155.90006@cosmosbay.com> (raw)
In-Reply-To: <20071204114125.GA17310@torres.zugschlus.de>

Marc Haber a écrit :
> While debugging Exim4's GnuTLS interface, I recently found out that
> reading from /dev/urandom depletes entropy as much as reading from
> /dev/random would. This has somehow surprised me since I have always
> believed that /dev/urandom has lower quality entropy than /dev/random,
> but lots of it.
>
> This also means that I can "sabotage" applications reading from
> /dev/random just by continuously reading from /dev/urandom, even not
> meaning to do any harm.
>
> Before I file a bug on bugzilla, can I ask why /dev/urandom wasn't
> implemented as a PRNG which is periodically (say, every 1024 bytes or
> even more) seeded from /dev/random? That way, /dev/random has a much
> higher chance of holding enough entropy for applications that really
> need "good" entropy.
>
> Entropy depletion has become an issue on Linux systems since the
> network was removed from the group of entropy sources a few years ago.
> Of the around 20 Linux systems that I currently have root privileges
> on, only two have a hardware RNG.
>   
Some network drivers still feed entropy pools :

$ find drivers/net | xargs grep -n IRQF_SAMPLE_RANDOM
drivers/net/mv643xx_eth.c:1336:                 IRQF_SHARED | 
IRQF_SAMPLE_RANDOM, dev->name, dev);
drivers/net/3c527.c:437:        err = request_irq(dev->irq, 
&mc32_interrupt, IRQF_SHARED | IRQF_SAMPLE_RANDOM, DRV_NAME, dev);
drivers/net/xen-netfront.c:1371:                                        
IRQF_SAMPLE_RANDOM, netdev->name,
drivers/net/macb.c:1131:        err = request_irq(dev->irq, 
macb_interrupt, IRQF_SAMPLE_RANDOM,
drivers/net/tg3.c:7268:         flags = IRQF_SAMPLE_RANDOM;
drivers/net/tg3.c:7273:         flags = IRQF_SHARED | IRQF_SAMPLE_RANDOM;
drivers/net/tg3.c:7291:                   IRQF_SHARED | 
IRQF_SAMPLE_RANDOM, dev->name, dev);
drivers/net/qla3xxx.c:3648:     unsigned long irq_flags = 
IRQF_SAMPLE_RANDOM | IRQF_SHARED;
drivers/net/3c523.c:292:        ret = request_irq(dev->irq, 
&elmc_interrupt, IRQF_SHARED | IRQF_SAMPLE_RANDOM,
drivers/net/cris/eth_v10.c:704:                 IRQF_SAMPLE_RANDOM, 
cardname, (void *)dev)) {
drivers/net/atl1/atl1_main.c:1967:      int irq_flags = IRQF_SAMPLE_RANDOM;
drivers/net/niu.c:4647:                           IRQF_SHARED | 
IRQF_SAMPLE_RANDOM,
drivers/net/netxen/netxen_nic_main.c:866:                                 
IRQF_SHARED|IRQF_SAMPLE_RANDOM, netdev->name,
drivers/net/ibmlana.c:784:      result = request_irq(priv->realirq, 
irq_handler, IRQF_SHARED | IRQF_SAMPLE_RANDOM, dev->name, dev);

So I guess you could patch your kernel to get more entropy sources (even 
if they are not *perfect* for some purists)

> What can I do to keep sufficiently high entropy pools even if I read
> from /dev/urandom more than once in a while?
>
> Greetings
> Marc
>
>   