From owner-freebsd-questions@FreeBSD.ORG Tue Mar 1 08:06:16 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6989B16A4CE for ; Tue, 1 Mar 2005 08:06:16 +0000 (GMT) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id F04FD43D2D for ; Tue, 1 Mar 2005 08:06:15 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) j2186Db20215; Tue, 1 Mar 2005 00:06:14 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Kris Kennaway" Date: Tue, 1 Mar 2005 00:06:11 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 In-Reply-To: <20050228201308.GC70059@xor.obsecurity.org> Importance: Normal cc: "Loren M. Lang" cc: Rob cc: FreeBSD questions Subject: RE: /dev/io , /dev/mem : only used by Xorg? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Mar 2005 08:06:16 -0000 Kris Kennaway wrote: > On Mon, Feb 28, 2005 at 04:58:02AM -0800, Ted Mittelstaedt wrote: > >> Yes - there's some random testing suites on the Internet, find a >> few and compile them. (ENT for example) Run them repeatedly and see >> what happens. >> >> Part of the problem is that BY DEFAULT the random device DOES NOT >> look at interrupts. See the man page for rndcontrol. Presumably >> the system admin of the system knows this and looks at his dmesg >> output to see which irq's are assigned to network cards and hard >> disks (which are fairly good sources of randomness) and sets the >> random device to use these. In practice this isn't something >> mentioned in the install docs so it is very unlikely many people >> know. >> >> Another strange thing is that /dev/random should block when it >> runs out of entropy - it doesen't seem to do so, however. And the >> device doesen't seem to gain entropy that quickly. > > No, it should not block because it's not defined to block In FreeBSD > and that > would be a bad interface anyway. The "u" in /dev/urandom means unblocking. The original UNIX implementation was for /dev/random and /dev/urandom, programs that needed high quality randomness and didn't mind waiting for it used /dev/random, programs that needed copious amounts of it and didn't care much about the quality used /dev/urandom > It does return as many bytes as it > can, and if the application wants more entropy than given then it can > either poll, or fall back to alternative mechanisms as it sees fit > (blocking would prevent this). > The problem is that too many people wrote software that needed copious amounts of high quality randomness and got pissed when their software hung - as a result in the older FreeBSD they modded /dev/random to not block anymore, and I think a lot of other unixes did the same to their random devices for the same reasons. If the application wasn't expecting this the results were undefined, but probably not very random. > Anyway, all your concerns are moot for 5.x. > 5.X is still not in as wide circulation as you apparently hope and it's quite obvious that the vast majority of 4.X users aren't aware of the issue. And yes I'll take your advice and switch to 5.X for sending out my secrets that I don't want the men in the black helicopters to get at. /-| Ted