Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753986AbXLHXqu (ORCPT ); Sat, 8 Dec 2007 18:46:50 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752739AbXLHXqn (ORCPT ); Sat, 8 Dec 2007 18:46:43 -0500 Received: from THUNK.ORG ([69.25.196.29]:37296 "EHLO thunker.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752402AbXLHXqm (ORCPT ); Sat, 8 Dec 2007 18:46:42 -0500 Date: Sat, 8 Dec 2007 18:46:12 -0500 From: Theodore Tso To: Ismail =?iso-8859-1?Q?D=F6nmez?= Cc: Adrian Bunk , Bill Davidsen , Marc Haber , linux-kernel@vger.kernel.org Subject: Re: Why does reading from /dev/urandom deplete entropy so much? Message-ID: <20071208234612.GQ17037@thunk.org> Mail-Followup-To: Theodore Tso , Ismail =?iso-8859-1?Q?D=F6nmez?= , Adrian Bunk , Bill Davidsen , Marc Haber , linux-kernel@vger.kernel.org References: <20071204114125.GA17310@torres.zugschlus.de> <47584E35.7030409@tmr.com> <20071208220345.GE20441@stusta.de> <200712090010.10362.ismail@pardus.org.tr> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <200712090010.10362.ismail@pardus.org.tr> User-Agent: Mutt/1.5.15+20070412 (2007-04-11) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on thunker.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 964 Lines: 20 On Sun, Dec 09, 2007 at 12:10:10AM +0200, Ismail D?nmez wrote: > > As long as /dev/random is readable for all users there's no reason to > > use /dev/urandom for a local DoS... > > Draining entropy in /dev/urandom means that insecure and possibly not random > data will be used and well thats a security bug if not a DoS bug. Actually in modern 2.6 kernels there are two separate output entropy pools for /dev/random and /dev/urandom. So assuming that the adversary doesn't know the contents of the current state of the entropy pool (i.e., the RNG is well seeded with entropy), you can read all you want from /dev/urandom and that won't give an adversary successful information to attack /dev/random. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/