# complex severity 636266 wishlist retitle 636266 libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of entropy tags 636266 + upstream quit
Hi Philipp,

Ph. Marek wrote:

> fopen()/fread() is used by some software packages (I noticed it via ECL) to
> read data from /dev/urandom.
>
> But fread() reads more bytes than specified (rounded up to 4096!), thereby
> decreasing the available entropy by a large amount.

Not sure what libc can do about that. Maybe the kernel could say, "Please, do not buffer when reading this file" and libc could respect that. But fundamentally, buffering is what fread is all about, so as a first step I would suggest reporting the bug to the authors of each program you find this in (after all, the same symptoms show up on other platforms, too).

In the C and POSIX standards, the behavior of fread is defined in terms of fgetc. To be reasonably fast and decrease the number of system calls, traditionally fgetc attempts to fill a large buffer when it calls read(). Should fread behave differently? I would find it strange for fread(1, 1) to use a different sequence of system calls from fgetc.

Anyway, I agree that this is a problem somewhere. Thanks for reporting it. Ideas welcome.

Regards,
Jonathan

Meanwhile Linux suffers for the lack of erandom and frandom for typical uses of random numbers, though that's another story.

Archive: http://lists.debian.org/20110802141615.GB3397@elie
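The read-ahead discussed in this message can be measured from the application side. The following is an added example, not code from the bug report or from libc: it counts how many bytes one `fread(buf, 1, 1, f)` pulls from the kernel with default stdio buffering and after `setvbuf(f, NULL, _IONBF, 0)`. It assumes a POSIX system; the helper name `bytes_consumed` and the constructed 8192-byte temporary file (a stand-in for /dev/urandom, so the file offset can serve as the counter) are illustrative.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns how many bytes the kernel handed out for one fread(buf, 1, 1, f),
 * or -1 on error. A constructed 8192-byte temp file stands in for
 * /dev/urandom; the descriptor's offset after the call is the byte count. */
long bytes_consumed(int unbuffered)
{
    char path[] = "/tmp/fread_demo_XXXXXX";   /* constructed sample file */
    char block[8192];
    unsigned char byte;
    long consumed = -1;
    FILE *f;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    memset(block, 'A', sizeof block);
    if (write(fd, block, sizeof block) != (ssize_t)sizeof block) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);

    f = fopen(path, "rb");
    if (f != NULL) {
        if (unbuffered)
            setvbuf(f, NULL, _IONBF, 0);      /* must precede the first read */
        if (fread(&byte, 1, 1, f) == 1)
            consumed = (long)lseek(fileno(f), 0, SEEK_CUR);
        fclose(f);
    }
    unlink(path);
    return consumed;
}

int main(void)
{
    printf("default buffering: %ld byte(s) read\n", bytes_consumed(0));
    printf("setvbuf(_IONBF):   %ld byte(s) read\n", bytes_consumed(1));
    return 0;
}
```

The buffered count depends on the libc and the file system's preferred block size; the unbuffered stream issues a read for exactly the one byte requested.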

