Re: [uml-devel] [PATCH 3/9] UML - "Hardware" random number generator
Rob Landley wrote: On Wednesday 09 March 2005 09:15 pm, Jeff Dike wrote: This implements a hardware random number generator for UML which attaches itself to the host's /dev/random. Direct use of /dev/random always makes me nervous. I've had a recurring problem with /dev/random blocking, and generally configure as much as possible to use /dev/urandom instead. It's really easy for a normal user to drain the /dev/random entropy pool on a server (at least one that doesn't have a sound card you can tell it to read white noise from). cat /dev/random /dev/null I like /dev/urandom because it'll feed you as much entropy as it's got, but won't block, and will presumably round-robin insert real entropy in the streams that multiple users get from /dev/urandom. (I realize this may not be the best place to get gpg keys from.) I'm just thinking about those UML hosting farms, with several UML instances per machine, on machines which haven't got a keyboard attached constantly feeding entropy into the pool. If just ONE of them is serving ssl connections from its own /dev/urandom, that would drain the /dev/random entropy pool on the host machine almost immediately... Admittedly if UML used /dev/urandom instead of /dev/random, it wouldn't know how much "real" randomness it was getting and how much synthetic randomness, but this makes predicting the numbers it's producing easier how? Use of a "hardware" RNG patch without a real hardware RNG could do all that. I would add a caution to the help warning of this problem if you lack real hardware RNG capability. The really paranoid could insist that at least one hardware driver be configured, but how much do you need to protect people from themselves? -- -bill davidsen ([EMAIL PROTECTED]) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - "Hardware" random number generator
Jeff Dike wrote: [EMAIL PROTECTED] said: I'm just thinking about those UML hosting farms, with several UML instances per machine, on machines which haven't got a keyboard attached constantly feeding entropy into the pool. That's when you set the network links to feed entropy. It may not be very good entropy, but it's probably better than nothing (especially in a UML virtual-system instance, where the real NIC is handling traffic for all hosted systems). Chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - "Hardware" random number generator
On Thursday 10 March 2005 19:41, Rob Landley wrote: > On Wednesday 09 March 2005 09:15 pm, Jeff Dike wrote: > > This implements a hardware random number generator for UML which attaches > > itself to the host's /dev/random. > > Direct use of /dev/random always makes me nervous. I've had a recurring > problem with /dev/random blocking, The fd is set in non-blocking mode on opening, so when there is no data UML will not block but get -EAGAIN (which is then handled by waiting and retrying). > and generally configure as much as > possible to use /dev/urandom instead. It's really easy for a normal user > to drain the /dev/random entropy pool on a server (at least one that > doesn't have a sound card you can tell it to read white noise from). > cat /dev/random > /dev/null > I like /dev/urandom because it'll feed you as much entropy as it's got, Yes, and entropy will gradually degrade... > but > won't block, and will presumably round-robin insert real entropy in the > streams that multiple users get from /dev/urandom. (I realize this may not > be the best place to get gpg keys from.) > Admittedly if UML used /dev/urandom instead of /dev/random, it wouldn't > know how much "real" randomness it was getting and how much synthetic > randomness, but this makes predicting the numbers it's producing easier > how? Don't ask us..., we just recycle the others knowledge... however in short when you say that "randomness" (or entropy) is not the maximum, you mean that there is some redundancy, i.e. some law to ease predicting subsequent numbers. For instance some character is more frequent than another... And this is also the same kind of things that is exploited during compression... the more compressed are your data, the less entropy they have before compression (I'm not an expert of Shannon information entropy theories, however, but this is what I grasped). -- Paolo Giarrusso, aka Blaisorblade Linux registered user n. 292729 http://www.user-mode-linux.org/~blaisorblade - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - "Hardware" random number generator
[EMAIL PROTECTED] said: > I'm just thinking about those UML hosting farms, with several UML > instances per machine, on machines which haven't got a keyboard > attached constantly feeding entropy into the pool. If just ONE of > them is serving ssl connections from its own /dev/urandom, that would > drain the /dev/random entropy pool on the host machine almost > immediately... All true (except for that last reference to urandom), but also irrelevant to whether UML's hwrng should be hooked up to the host's /dev/random or not. As far as I can see, the only thing that matters is that hwrng should produce real randomness, and that can only be had by reading /dev/random (or maybe the host's /dev/hwrng, but that's supposed to be fed into /dev/random anyway). So, hooking up the UML /dev/hwrng to the host's /dev/urandom would be lying. If the host's entropy pool gets drained as a result, I would say that's an application bug, and not a reason for UML to get its randomness from the host's /dev/urandom. Jeff - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - Hardware random number generator
[EMAIL PROTECTED] said: I'm just thinking about those UML hosting farms, with several UML instances per machine, on machines which haven't got a keyboard attached constantly feeding entropy into the pool. If just ONE of them is serving ssl connections from its own /dev/urandom, that would drain the /dev/random entropy pool on the host machine almost immediately... All true (except for that last reference to urandom), but also irrelevant to whether UML's hwrng should be hooked up to the host's /dev/random or not. As far as I can see, the only thing that matters is that hwrng should produce real randomness, and that can only be had by reading /dev/random (or maybe the host's /dev/hwrng, but that's supposed to be fed into /dev/random anyway). So, hooking up the UML /dev/hwrng to the host's /dev/urandom would be lying. If the host's entropy pool gets drained as a result, I would say that's an application bug, and not a reason for UML to get its randomness from the host's /dev/urandom. Jeff - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - Hardware random number generator
Jeff Dike wrote: [EMAIL PROTECTED] said: I'm just thinking about those UML hosting farms, with several UML instances per machine, on machines which haven't got a keyboard attached constantly feeding entropy into the pool. That's when you set the network links to feed entropy. It may not be very good entropy, but it's probably better than nothing (especially in a UML virtual-system instance, where the real NIC is handling traffic for all hosted systems). Chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - Hardware random number generator
Rob Landley wrote: On Wednesday 09 March 2005 09:15 pm, Jeff Dike wrote: This implements a hardware random number generator for UML which attaches itself to the host's /dev/random. Direct use of /dev/random always makes me nervous. I've had a recurring problem with /dev/random blocking, and generally configure as much as possible to use /dev/urandom instead. It's really easy for a normal user to drain the /dev/random entropy pool on a server (at least one that doesn't have a sound card you can tell it to read white noise from). cat /dev/random /dev/null I like /dev/urandom because it'll feed you as much entropy as it's got, but won't block, and will presumably round-robin insert real entropy in the streams that multiple users get from /dev/urandom. (I realize this may not be the best place to get gpg keys from.) I'm just thinking about those UML hosting farms, with several UML instances per machine, on machines which haven't got a keyboard attached constantly feeding entropy into the pool. If just ONE of them is serving ssl connections from its own /dev/urandom, that would drain the /dev/random entropy pool on the host machine almost immediately... Admittedly if UML used /dev/urandom instead of /dev/random, it wouldn't know how much real randomness it was getting and how much synthetic randomness, but this makes predicting the numbers it's producing easier how? Use of a hardware RNG patch without a real hardware RNG could do all that. I would add a caution to the help warning of this problem if you lack real hardware RNG capability. The really paranoid could insist that at least one hardware driver be configured, but how much do you need to protect people from themselves? -- -bill davidsen ([EMAIL PROTECTED]) The secret to procrastination is to put things off until the last possible moment - but no longer -me - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - "Hardware" random number generator
On Wednesday 09 March 2005 09:15 pm, Jeff Dike wrote: > This implements a hardware random number generator for UML which attaches > itself to the host's /dev/random. Direct use of /dev/random always makes me nervous. I've had a recurring problem with /dev/random blocking, and generally configure as much as possible to use /dev/urandom instead. It's really easy for a normal user to drain the /dev/random entropy pool on a server (at least one that doesn't have a sound card you can tell it to read white noise from). cat /dev/random > /dev/null I like /dev/urandom because it'll feed you as much entropy as it's got, but won't block, and will presumably round-robin insert real entropy in the streams that multiple users get from /dev/urandom. (I realize this may not be the best place to get gpg keys from.) I'm just thinking about those UML hosting farms, with several UML instances per machine, on machines which haven't got a keyboard attached constantly feeding entropy into the pool. If just ONE of them is serving ssl connections from its own /dev/urandom, that would drain the /dev/random entropy pool on the host machine almost immediately... Admittedly if UML used /dev/urandom instead of /dev/random, it wouldn't know how much "real" randomness it was getting and how much synthetic randomness, but this makes predicting the numbers it's producing easier how? Rob - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [uml-devel] [PATCH 3/9] UML - Hardware random number generator
On Wednesday 09 March 2005 09:15 pm, Jeff Dike wrote: This implements a hardware random number generator for UML which attaches itself to the host's /dev/random. Direct use of /dev/random always makes me nervous. I've had a recurring problem with /dev/random blocking, and generally configure as much as possible to use /dev/urandom instead. It's really easy for a normal user to drain the /dev/random entropy pool on a server (at least one that doesn't have a sound card you can tell it to read white noise from). cat /dev/random /dev/null I like /dev/urandom because it'll feed you as much entropy as it's got, but won't block, and will presumably round-robin insert real entropy in the streams that multiple users get from /dev/urandom. (I realize this may not be the best place to get gpg keys from.) I'm just thinking about those UML hosting farms, with several UML instances per machine, on machines which haven't got a keyboard attached constantly feeding entropy into the pool. If just ONE of them is serving ssl connections from its own /dev/urandom, that would drain the /dev/random entropy pool on the host machine almost immediately... Admittedly if UML used /dev/urandom instead of /dev/random, it wouldn't know how much real randomness it was getting and how much synthetic randomness, but this makes predicting the numbers it's producing easier how? Rob - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
