Different behavior for kernel entropy in 4.13 kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I compile a custom kernel locally from the Fedora src.rpm.  I notice
that the most recent 4.13 kernel I compiled, 4.13.0-0.rc4.git3.1, has
different behavior for the kernel entropy pool than it used to have.

The way it used to work was that when the kernel entropy pool was kept
full, or fuller, it would bleed entropy across to the pseudo-random
generator in order to reseed it.  This makes the output sequence of the
PRNG indeterminate, and thus more random, and harder to attack.  It is
no longer a pseudo random number generator, except in intervals.

I notice now that there is no bleed happening.  When the kernel entropy
pool gets full, if there are no calls to /dev/random, it stays full.

I don't have a hardware RNG, but I harvest entropy from a sound device,
and from an rtl2832 receiver (atmospheric).  They still work, if I do
cat /dev/random | rngtest -b 10
they get fired up and run full out.

But if I do 
cat /dev/urandom | rngtest -b 20000
the entropy pool just sits there, and they don't run.

The entropy pool can be looked at, as root, with
cat /proc/sys/kernel/random/entropy_avail
I reset the write_wakeup_threshold there to 3840 from its default 1792,
and lower the urandom_min_reseed_secs to 5 (I think the default is 60).

Can you explain why this was changed, or point me to a discussion of
the rationale for the change?  It seems like it has implications for
system security, and on the surface seems to decrease security of the
PRNG.

Thanks.
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux