[Olsr-dev] /dev/random can block forever - Re: [PATCH v1 1/1] main: improve random number generator seed
Henning Rogge
(spam-protected)
Mon Mar 25 08:22:33 CET 2013
What do you think Ferry,
just move to /dev/urandom? the rand() function is not photographically
safe anyways, so we don't need to overdo it at the initialization.
Henning Rogge
On Sat, Mar 23, 2013 at 12:19 AM, Björn Lichtblau
<(spam-protected)> wrote:
> Hi,
>
> /dev/random can block forever if not enough entropy is available. It does on
> my systems, the problem is described here in detail:
> http://www.usn-it.de/index.php/2009/02/20/oracle-11g-jdbc-driver-hangs-blocked-by-devrandom-entropy-pool-empty/
>
> Works fine for me when using /dev/urandom, what should be the default imho,
> it never blocks and pseudo random numbers should be enough if it is just
> used for the jitter.
>
> From "man 4 random":
>
> When read, the /dev/random device will only return random bytes
> within the estimated
> number of bits of noise in the entropy pool. /dev/random should be
> suitable for uses
> that need very high quality randomness such as one-time pad or key
> generation. When
> the entropy pool is empty, reads from /dev/random will block until
> additional environ‐
> mental noise is gathered.
>
> A read from the /dev/urandom device will not block waiting for more
> entropy. As a
> result, if there is not sufficient entropy in the entropy pool, the
> returned values are
> theoretically vulnerable to a cryptographic attack on the
> algorithms used by the
> driver. Knowledge of how to do this is not available in the current
> unclassified lit‐
> erature, but it is theoretically possible that such an attack may
> exist. If this is a
> concern in your application, use /dev/random instead.
>
> Usage
> If you are unsure about whether you should use /dev/random or
> /dev/urandom, then proba‐
> bly you want to use the latter. As a general rule, /dev/urandom
> should be used for
> everything except long-lived GPG/SSL/SSH keys.
>
>
> bye, Björn
>
>
>
>
> On 10.11.2012 11:50, Ferry Huberts wrote:
>
> From: Ferry Huberts <(spam-protected)>
>
> Make it much more random when /dev/random or /dev/urandom is
> available.
>
> Signed-off-by: Ferry Huberts <(spam-protected)>
> ---
> src/main.c | 24 +++++++++++++++++++++++-
> 1 file changed, 23 insertions(+), 1 deletion(-)
>
> diff --git a/src/main.c b/src/main.c
> index ae38439..382c5dc 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -230,6 +230,28 @@ olsrmain_load_config(char *file) {
> return 0;
> }
>
> +static void initRandom(void) {
> + unsigned int seed = (unsigned int)time(NULL);
> +
> +#ifndef _WIN32
> + int randomFile;
> +
> + randomFile = open("/dev/random", O_RDONLY);
> + if (randomFile == -1) {
> + randomFile = open("/dev/urandom", O_RDONLY);
> + }
> +
> + if (randomFile != -1) {
> + if (read(randomFile, &seed, sizeof(seed)) != sizeof(seed)) {
> + ; /* to fix an 'unused result' compiler warning */
> + }
> + close(randomFile);
> + }
> +#endif /* _WIN32 */
> +
> + srandom(seed);
> +}
> +
> /**
> * Main entrypoint
> */
> @@ -297,7 +319,7 @@ int main(int argc, char *argv[]) {
> olsr_openlog("olsrd");
>
> /* setup random seed */
> - srandom(time(NULL));
> + initRandom();
>
> /* Init widely used statics */
> memset(&all_zero, 0, sizeof(union olsr_ip_addr));
>
>
>
> --
> Olsr-dev mailing list
> (spam-protected)
> https://lists.olsr.org/mailman/listinfo/olsr-dev
--
We began as wanderers, and we are wanderers still. We have lingured
long enough on the shores of the cosmic ocean. We are ready at last to
set sail for the stars - Carl Sagan
More information about the Olsr-dev
mailing list