On 29/06/16 16:04, Etienne Champetier wrote:
2016-06-29 16:25 GMT+02:00 Daniel Thompson <daniel.thomp...@linaro.org>:
On 29/06/16 14:54, Etienne Champetier wrote:
If we want to be safe, we have to use /dev/urandom only after it is
initialised.
A simple test, adding this to an init script on a LEDE (OpenWrt) VM:
getrandom 1 > /dev/null
echo "### getrandom ###" > /dev/kmsg
dd if=/dev/random of=/dev/null count=1 bs=1
echo "### dd ###" > /dev/kmsg
gives:
[ 14.321536] ### getrandom ###
[ 42.603677] ### dd ###
And this can be worse on real hardware...
Not clear if the above shows that dd behaves differently to getrandom or if
the difference is merely due to less frequent interrupts after the system
is booted...
What timings do you get if you reverse the commands?
You missed how the whole thing works.
You have:
- /dev/urandom, which never blocks
- getrandom(), which blocks until /dev/urandom is properly initialized
(system wide), then never blocks again and reads from /dev/urandom
- /dev/random, which only starts its initialization after getrandom()
unblocks, and blocks when it estimates entropy is low
So getrandom will always finish before dd, and after dd /dev/random
unblocks you are sure getrandom doesn't block anymore.
Also, running getrandom 100 times will not affect other processes, while
running dd /dev/random 100 times might block and block other
/dev/random users.
Thanks for the explanation. I had indeed overlooked that the getrandom
applet does not consume any entropy.
Daniel.
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
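An added illustration of the behaviour Etienne describes above, written for this edit and not code from the thread or from busybox: a small C program that probes the kernel pool with getrandom() and the GRND_NONBLOCK flag (a real Linux API since kernel 3.17; the kernel answers EAGAIN while it is still seeding) and then fetches bytes with a plain blocking getrandom(), which waits at most once, at boot, and never consumes the /dev/random entropy estimate. The function names pool_initialized, fill_random and self_test are this example's own.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>

/* Probe the CSPRNG without blocking and without touching the
 * /dev/random entropy estimate. Returns 1 if the pool is seeded
 * (a blocking getrandom() would return immediately), 0 if the kernel
 * reports EAGAIN (still seeding: this is the window the init-script
 * test in the thread measures), -1 on any other error (e.g. ENOSYS on
 * a kernel older than 3.17, or the call being denied by a sandbox). */
int pool_initialized(void)
{
    unsigned char probe[1];
    ssize_t n = getrandom(probe, sizeof probe, GRND_NONBLOCK);
    if (n == 1)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

/* Fill buf with n bytes from getrandom(). Blocks only until the pool is
 * seeded, then never again; restarts after a signal interrupts the call.
 * Returns the number of bytes actually written (n on success). */
size_t fill_random(unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = getrandom(buf + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;       /* interrupted, retry the remainder */
            break;              /* real failure: report partial fill */
        }
        got += (size_t)r;
    }
    return got;
}

/* Self test: fetch 32 bytes and reject the degenerate all-equal case
 * (a constructed sanity check, not a statistical randomness test).
 * Returns 1 on success, 0 otherwise. */
int self_test(void)
{
    unsigned char buf[32];
    if (fill_random(buf, sizeof buf) != sizeof buf)
        return 0;
    for (size_t i = 1; i < sizeof buf; i++)
        if (buf[i] != buf[0])
            return 1;
    return 0;
}

int main(void)
{
    int state = pool_initialized();
    printf("pool state: %s\n",
           state == 1 ? "initialised" :
           state == 0 ? "not yet seeded (getrandom() would block)" :
                        "getrandom() unavailable");
    printf("self test: %s\n", self_test() ? "ok" : "failed");
    return 0;
}
```

Run early in boot (for example from the same init script as in the thread) the non-blocking probe reports 0 until the kernel has seeded the pool and 1 afterwards, while the blocking fill_random() is the call a daemon that needs keys should make: it waits once, at boot, and does not block or starve other /dev/random readers the way the dd loop does.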