On Fri, Oct 14, 2016 at 11:59 AM, Tomasz Grabiec <tgrab...@scylladb.com>
wrote:

>
>
> On Fri, Oct 14, 2016 at 4:56 PM, Raphael Carvalho <raphae...@scylladb.com>
> wrote:
>
>>
>>
>> On Fri, Oct 14, 2016 at 10:39 AM, Benoît Canet <
>> ben...@cloudius-systems.com> wrote:
>>
>>>
>>> Hello list,
>>>
>>> In the process of porting go to OSv I noticed that the Go runtime
>>> initialization stall half the time waiting in a read for /dev/urandom.
>>>
>>> The message OSv output is "random: blocking on read.".
>>>
>>> It then sometime proceeed to unblock itself a couple dozen of seconds
>>> later.
>>>
>>> Does it ring a bell ? Is it expected behavior from /dev/urandom ?
>>>
>>
>> manpage:
>> "A read from the /dev/urandom device will not block waiting for more
>> entropy.  If there is not sufficient entropy, a pseudorandom number
>> generator is used to  create the  requested  bytes.   As  a result, in this
>> case the returned values are theoretically vulnerable to a cryptographic
>> attack on the algorithms used by the driver."
>>
>> In our impl, /dev/urandom and /dev/random are both pointing to the same
>> mechanism to generate random numbers, and that means they both can block.
>> We should probably look into doing something for /dev/urandom to match the
>> behavior described above.
>>
>
> We're using BSD's implementation.
>
> It has both /dev/random and /dev/urandom unified. It's a PRNG which is
> periodically reseeded.
>

Indeed, but we may skip this step '
https://github.com/cloudius-systems/osv/blob/master/drivers/random.cc#L65'
for /dev/urandom. Application expects /dev/urandom not to block waiting for
entropy, and that should probably be respected. I think we discussed it in
the past, but I don't remember what we concluded from it.

-- 
You received this message because you are subscribed to the Google Groups "OSv 
Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to osv-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to