Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Summarizing the article, `cat /dev/random` will still work but will never block, possibly returning random data based on less entropy than before. They claim that in the modern situation there is already enough entropy in it even for secure key generation. There seemingly will still exist a programmatic way to get a random stream based on predictable amount of entropy, but not through reading this filesystem node.


> Summarizing the article, `cat /dev/random` will still work but will never block

`cat /dev/random` may still block, but only once per reboot. It may block if it is called so early that not enough entropy has been gathered yet. Once there enough entropy has been gathered it will never block again.


As mentioned by the article that's already the default behaviour of getrandom() and the BSDs have symlinked /dev/random to /dev/urandom for a long time already.

I think this is a change for the best, in particular this bit sounds completely true to my ears:

> Theodore Y. Ts'o, who is the maintainer of the Linux random-number subsystem, appears to have changed his mind along the way about the need for a blocking pool. He said that removing that pool would effectively get rid of the idea that Linux has a true random-number generator (TRNG), which "is not insane; this is what the *BSD's have always done". He, too, is concerned that providing a TRNG mechanism will just serve as an attractant for application developers. He also thinks that it is not really possible to guarantee a TRNG in the kernel, given all of the different types of hardware supported by Linux. Even making the facility only available to root will not solve the problem: Application programmers would give instructions requiring that their application be installed as root to be more secure, "because that way you can get access the _really_ good random numbers".

The number of time I've had to deal with security-related software and scripts who insisted in sampling /dev/random and stalling for minutes at a time...


A minor note:

* Only FreeBSD symbolically links, and it does it in the other direction. urandom is the symbolic link to random.

* OpenBSD has four distinct character device files: random, arandom, srandom, and urandom.

* NetBSD (as of 2019) has two distinct character device files: random and urandom. They have different semantics from each other. https://netbsd.gw.com/cgi-bin/man-cgi?rnd+4+NetBSD-current


On OpenBSD:

    $ ls -l /dev/*random*
    lrwxr-xr-x  1 root  wheel         7 Dec 10 15:05 /dev/random@ -> urandom
    crw-r--r--  1 root  wheel   45,   0 Jan  6 15:30 /dev/urandom


That must be a recent change.

    $ ls -F /dev/*random*
    /dev/arandom  /dev/random   /dev/srandom  /dev/urandom
    $


Deleted in 2017. https://marc.info/?l=openbsd-cvs&m=151069089605712&w=2 you can delete arandom and srandom

Edit: better link


And you don't think they did so for a reason? If you don't care for security (and there are good reason why one wouldn't), then you can create the link yourself on those systems (or link to /dev/zero for extra low wait times). Why does now everyone have to suffer the same? What happened to "keep policy out of the kernel"?


I understood it that reading from `/dev/random` will still block just after boot (i.e. before it's initialised) unless you pass the new flag `GRND_INSECURE` to `getrandom`. After it's initialised, however, it will never block because it's now just using the CRNG.


Please don't confuse `/dev/random` and `getrandom` - they are separate interfaces.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: