Date: Tue, 14 Jul 2015 14:35:19 +0100
From: Vsevolod Stakhov <vsevolod@FreeBSD.org>
To: Yuri <yuri@rawbw.com>, Freebsd hackers list <freebsd-hackers@freebsd.org>
Subject: Re: Does /dev/random in virtual guests provide good random data?
Message-ID: <55A51017.9080202@FreeBSD.org>
In-Reply-To: <55A50EE9.1020900@FreeBSD.org>
References: <55A2FB68.3070006@rawbw.com> <CCCC361E-70E1-4BA4-9765-65653F40DBC7@kientzle.com> <55A3763B.7010303@rawbw.com> <55A50EE9.1020900@FreeBSD.org>

On 14/07/2015 14:30, Vsevolod Stakhov wrote:
> On 13/07/2015 09:26, Yuri wrote:
>> On 07/12/2015 18:14, Tim Kientzle wrote:
>>> http://www.2uo.de/myths-about-urandom/
>>>
>>> In particular, it has this interesting comment:
>>>
>>> FreeBSD does the right thing: they don't have the distinction
>>
>> There are two approaches in random stream generation. One is to have the
>> sufficient random seed, and keep generating the following pseudo-random
>> numbers only from this seed. The second approach is to also continuously
>> feed the stream from some external source of entropy.
>>
>> The fact that the long running linux VM still blocks on /dev/random
>> indicates that linux tries to collect more entropy on the go, following
>> the latter approach (intuitively I would also agree this is better for
>> randomness).
>>
>> So it isn't clear why FreeBSD random stream would be of the same
>> quality, if it doesn't collect entropy on the go. Because both Linux and
>> BSD have exactly the same entropy sources in VM.
>
> That's *not* the correct definition of how the modern PRNG work.

<skipped>

And I forgot to mention that in Linux, both /dev/random and /dev/urandom
are using pseudo-random generator seeded by the entropy pool(s). So you
would never ever access these pools directly. The key difference is that
/dev/random blocks unless there is 'enough' entropy in those pools. But
it makes a system even *less* secure if an attacker can force you to use
/dev/random, as at least it would give her information about the amount
of entropy available in your system which is quite dangerous for Yarrow
(but not for Fortuna).

-- 
Vsevolod Stakhov