[FYI: from drivers/char/random.c]

 *
 * 	void add_keyboard_randomness(unsigned char scancode);
 * 	void add_mouse_randomness(__u32 mouse_data);
 * 	void add_interrupt_randomness(int irq);
 * 	void add_blkdev_randomness(int irq);
 *
 * add_keyboard_randomness() uses the inter-keypress timing, as well as the
 * scancode as random inputs into the "entropy pool".
 *
 * add_mouse_randomness() uses the mouse interrupt timing, as well as
 * the reported position of the mouse from the hardware.
 *
 * add_interrupt_randomness() uses the inter-interrupt timing as random
 * inputs to the entropy pool.  Note that not all interrupts are good
 * sources of randomness!  For example, the timer interrupts is not a
 * good choice, because the periodicity of the interrupts is too
 * regular, and hence predictable to an attacker.  Disk interrupts are
 * a better measure, since the timing of the disk interrupts are more
 * unpredictable.
 *
 * add_blkdev_randomness() times the finishing time of block requests.
 *
 * All of these routines try to estimate how many bits of randomness a
 * particular randomness source.  They do this by keeping track of the
 * first and second order deltas of the event timings.

A quick reading of the code is that these sources of entropy are
automatically added if the corresponding device is present. But sending
some data to /dev/random never changes entropy_avail from 0.

    $ cat entropy_avail
    0
    $ dd if=/dev/urandom of=/dev/random-seed count=512
    512+0 records in
    512+0 records out
    $ cat entropy_avail
    0

My system is an old SMP Red Hat system that's been upgraded from 7.2 to
9 and now to FC1. I do apply lots of updated RPMs from freshrpms,
ATrpms, NewRPMs, etc. including, of course, Fedora. I'm running a stock,
unmodified kernel-smp-2.4.22-1.2188.nptl from Fedora.

The text "random" doesn't appear in either /var/log/messages or dmesg.

Something else is clearly wrong, but I have no clue what...

--- Vladimir

P.S. Kent, thanks for your help. Your immediate knowledge is much better
than mine.
------------------------------------------------------------------------
Vladimir G. Ivanovic                        http://leonora.org/~vladimir
2770 Cowper St.                                         vladimir@xxxxxxx
Palo Alto, CA 94306-2447                                 +1 650 678 8014
------------------------------------------------------------------------

>>>>> "kb" == Kent Borg <kentborg@xxxxxxxx> writes:

    kb> On Thu, May 13, 2004 at 02:26:08PM -0700, Vladimir G. Ivanovic wrote:
    >> I am not logged in remotely but locally. I've had a "cat /dev/random"
    >> running in a GNOME Terminal tab (window) now for several hours while I
    >> read mail & surfed.
    kb>
    kb> Eeek!
    kb>
    kb> One of the problems with /dev/random (as opposed to /dev/urandom) is
    kb> that any user can read it, drain all the entropy, and prevent others
    kb> from getting any.  As a test it can be interesting, but don't do that
    kb> otherwise.  (Don't forget an extra cat left running on a different
    kb> console.)
    kb>
    kb> Kill the cat.  cd to /proc/sys/kernel/random and look around.
    kb> Specifically, cat entropy_avail.  I am guessing you will see nothing.
    kb> Now cat a few bytes into /dev/random and cat entropy_avail again.  Did
    kb> any show up?  If so, then things are as I expect, you need to tell
    kb> your mouse and keyboard and other devices to contribute entropy.  I
    kb> would have to start searching through kernel sources and googling to
    kb> find out how.
    kb>
    kb> -kb, the Kent who has run off the end of his immediate knowledge.
    kb>
    kb>
    kb> P.S.  Did you do a standard install?  What strange things have you
    kb> done?  (Compile your own kernel?  Mess with boot initializations?)
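
The random.c comment quoted at the top of this message says the routines estimate entropy by tracking first and second order deltas of event timings. The block below is an added example, not part of the original message and not the kernel's own code: a simplified estimator over constructed timestamps that shows why a periodic timer interrupt earns no credit while irregular disk interrupts do. The struct and function names, the halving step and the 12-bit cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Per-source timing state; names are hypothetical. */
struct timer_state {
    int64_t last_time;
    int64_t last_delta;              /* previous first-order delta */
};

/* Bit length of v, capped at 12 bits per event (assumed cap). */
static int bits_capped(uint64_t v)
{
    int n = 0;
    while (v != 0 && n < 12) { v >>= 1; n++; }
    return n;
}

/* Credit for one event: a regular source has a second-order delta of 0. */
int estimate_bits(struct timer_state *s, int64_t now)
{
    int64_t d1 = now - s->last_time;   /* first-order delta  */
    int64_t d2 = d1 - s->last_delta;   /* second-order delta */
    s->last_time = now;
    s->last_delta = d1;
    d1 = llabs(d1); d2 = llabs(d2);
    int64_t m = d1 < d2 ? d1 : d2;     /* most pessimistic view */
    return bits_capped((uint64_t)m >> 1);  /* round down by one bit */
}

/* Total credit over a series of event timestamps. */
int total_bits(const int64_t *t, int n)
{
    struct timer_state s = {0, 0};
    int sum = 0;
    for (int i = 0; i < n; i++)
        sum += estimate_bits(&s, t[i]);
    return sum;
}

/* Constructed sample timestamps, in arbitrary tick units. */
const int64_t timer_irq[8] = {100, 200, 300, 400, 500, 600, 700, 800};
const int64_t disk_irq[8]  = {100, 137, 412, 455, 901, 1290, 1333, 2047};
int main(void)
{
    printf("timer: %d bits\n", total_bits(timer_irq, 8));
    printf("disk:  %d bits\n", total_bits(disk_irq, 8));
    return 0;
}
```

The periodic series is credited only for its very first event, before any history exists; every later event has a second-order delta of zero.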