2016-06-29 16:25 GMT+02:00 Daniel Thompson <[email protected]>:
> On 29/06/16 14:54, Etienne Champetier wrote:
>>
>> If we want to be safe, we have to use /dev/urandom only after it's
>> initialised
>> A simple test adding this in an init script on a LEDE (OpenWrt) VM:
>>
>> getrandom 1 > /dev/null
>> echo "### getrandom ###" > /dev/kmsg
>> dd if=/dev/random of=/dev/null count=1 bs=1
>> echo "### dd ###" > /dev/kmsg
>>
>> gives:
>> [ 14.321536] ### getrandom ###
>> [ 42.603677] ### dd ###
>>
>> And this can be worse on real hardware ..
>
>
> Not clear if the above shows that dd behaves differently to getrandom or if
> the difference is merely due to less frequent interrupts after system is
> booted...
>
> What timings do you get if you reverse the commands?

You missed how the whole thing works. You have:
- /dev/urandom, which never blocks
- getrandom(), which blocks until /dev/urandom is properly initialized
  (system wide), then never blocks again and reads from /dev/urandom
- /dev/random, which only starts its initialization after getrandom()
  unblocks, and blocks when it estimates entropy is low

So getrandom will always finish before dd, and after dd /dev/random
unblocks you are sure getrandom doesn't block anymore.

Also, running getrandom 100 times will not affect other processes, whereas
running dd /dev/random 100 times might block and block other /dev/random
users.

Regards
Etienne

>
> ~~~
> dd if=/dev/random of=/dev/null count=1 bs=1
> echo "### dd ###" > /dev/kmsg
> getrandom 1 > /dev/null
> echo "### getrandom ###" > /dev/kmsg
> ~~~
>
>
> Daniel.
