Re: Why does reading from /dev/urandom deplete entropy so much?

Alan Cox a écrit :

No matter what you consider as being better, changing a 12 years old andwidely used userspace interface like /dev/urandom is simply not anoption.
Fixing it to be more efficient in its use of entropy and also fixing the
fact its not actually a good random number source would be worth looking
at however.

Yes, since current behavior on network irq is very pessimistic.

If you have some trafic, (ie more than HZ/2 interrupts per second),then add_timer_randomness() feedssome entropy but gives no credit (calling credit_entropy_store() withnbits=0)

This is because we take into account only the jiffies difference, andnot the get_cycles() that should give

us more entropy on most plaforms.

In this patch, I suggest that we feed only one u32 word of entropy,combination of the previous distinctwords (with some of them being constant or so), so that the nbitsestimation is less pessimistic, but also to

avoid injecting false entropy.

Signed-off-by: Eric Dumazet <[email protected]>

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 5fee056..6eccfc9 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -550,8 +550,8 @@ static void credit_entropy_store(struct entropy_store *r, int nbits)
 
 /* There is one of these per entropy source */
 struct timer_rand_state {
-	cycles_t last_time;
-	long last_delta,last_delta2;
+	u32      last_word;
+	int last_delta,last_delta2;
 	unsigned dont_count_entropy:1;
 };
 
@@ -570,12 +570,17 @@ static struct timer_rand_state *irq_timer_state[NR_IRQS];
  */
 static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
 {
-	struct {
-		cycles_t cycles;
-		long jiffies;
-		unsigned num;
+	union {
+		struct {
+			cycles_t cycles;
+			long jiffies;
+			unsigned num;
+		};
+		u32 words[1];
 	} sample;
-	long delta, delta2, delta3;
+	u32 word;
+	unsigned int ui;
+	int delta, delta2, delta3;
 
 	preempt_disable();
 	/* if over the trickle threshold, use only 1 in 4096 samples */
@@ -586,7 +591,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
 	sample.jiffies = jiffies;
 	sample.cycles = get_cycles();
 	sample.num = num;
-	add_entropy_words(&input_pool, (u32 *)&sample, sizeof(sample)/4);
+
+	word = sample.words[0];
+	for (ui = 1; ui < sizeof(sample)/4; ui++)
+		word += sample.words[ui];
+
+	add_entropy_words(&input_pool, &word, 1);
 
 	/*
 	 * Calculate number of bits of randomness we probably added.
@@ -595,8 +605,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
 	 */
 
 	if (!state->dont_count_entropy) {
-		delta = sample.jiffies - state->last_time;
-		state->last_time = sample.jiffies;
+		delta = word - state->last_word;
+		state->last_word = word;
 
 		delta2 = delta - state->last_delta;
 		state->last_delta = delta;

Follow-Ups:
- Re: Why does reading from /dev/urandom deplete entropy so much?
  - From: Matt Mackall <[email protected]>

References:
- Why does reading from /dev/urandom deplete entropy so much?
  - From: Marc Haber <[email protected]>
- Re: Why does reading from /dev/urandom deplete entropy so much?
  - From: Adrian Bunk <[email protected]>
- Re: Why does reading from /dev/urandom deplete entropy so much?
  - From: Alan Cox <[email protected]>

Prev by Date: [patch 2/2] man: man pages for ptrace BTS extensions
Next by Date: Re: [PATCH 1/3] x86_64: define all _PAGE_* in terms of _PAGE_BIT_*
Previous by thread: Re: Why does reading from /dev/urandom deplete entropy so much?
Next by thread: Re: Why does reading from /dev/urandom deplete entropy so much?
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]