On Wed, 20 Sept 2023 at 07:06, Roberto A. Foglietta <[email protected]> wrote:
> Finally, repeat one more time all together: ioctls() are bad because > they are a trick to workaround the limitation of "in UNIX everything > is a file" principle and like every principle it establish some > limitations for a good reason. Again, again... The reason because it exists the ioctl() is well explained here https://stackoverflow.com/questions/17118705/using-rndaddentropy-to-add-entropy-to-dev-random which refers to the man page https://man7.org/linux/man-pages/man4/random.4.html Therefore we can assume that interface is stable and widely accepted while the comments in stackoverflow add an hint: <<If you are using /dev/urandom, it does not matter what you pass for bit_count because /dev/urandom ignores it equaling zero and just keeps on going.>> - This means that adding good white noise to /dev/urandom would be sufficient to avoid it running without a source of entropy. In my own embedded system /dev/random is moved to /dev/.random and /dev/urandom takes its place. It is a highly-questionable choice, I know. This prevents anything blocking the functioning in the hope that /dev/urandom will be good enough to replace /dev/random. To sustain this conjecture, every 15 minutes, I feed the /dev/urandom with data that I consider good quality white noise. If /dev/random exists, it is supposed to exist for a good reason and replacing it is a questionable approach. I accept it. The way in which /dev/random is used in practice is another story and in my embedded system the SSH connection is a full-day working service while almost all peripherals are inactive or disabled. Much more than a server with disks and not just everything in RAM, it risks running low on entropy very fast. However, SSH is configured to use /dev/urandom by default therefore it is not a sink of entropy and probably there is no any sink of entropy at all. Back to the ioctl() which probably has been introduced before the /sys exist, now the /sys exist. Time to think about planning to replace that ioctl() with a file in /sys? #define BUFSIZE 256 /* WARNING - this struct must match random.h's struct rand_pool_info */ typedef struct { int bit_count; /* number of bits of entropy in data */ int byte_count; /* number of bytes of data in array */ unsigned char buf[BUFSIZ]; } entropy_t; Giving a look to the structure does not seem straightforward to replace it with a file-interface in particular about bit_count. However, that value is ignored for /dev/urandom. Moreover, everything in the buffer will be added after being passed through a hash function. I hate this interface because the main idea behind this interface is clearly: "you are stupid and therefore I prevent you to do stupid things". This is the opposite of the UNIX paradigm. You write a file? I assume that you know what you are doing otherwise expect to meet your Karma soon. Best regards, R- _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
