Hi!

> > On Tue, Mar 22, 2022 at 01:14:36PM -0600, Jason A. Donenfeld wrote:
> >> For as far back as I can tell, writing to /dev/urandom or /dev/random
> >> will put entropy into the pool, but won't immediately use it, and won't
> >> credit it either.
> >
> > Did you check kernels v4.7 and earlier? It looks like this actually changed in
> > v4.8 when the ChaCha20 CRNG was introduced. v4.7 would mix the data written to
> > /dev/{u,}random into {non,}blocking_pool, which would immediately be reflected
> > in reads from /dev/{u,}random, sys_getrandom(), and get_random_bytes(). Writes
> > to /dev/{u,}random didn't affect the input_pool, which was separate.
>
> Oh, I suppose you might be right, actually, that v4.7 and below would
> hash the non blocking pool, and let /dev/urandom write directly into
> it, as something distinct from the input pool. This changed with v4.8,
> 6 years ago, and now there are no LTS kernels that old, with most
> small devices even having vendor kernels v4.9+. v4.8 apparently did

We are still maintaining 4.4 for -cip project, and people running
android probably still maintain that, too.

> this while fixing a more extreme vulnerability of allowing unprivileged users to
> bruteforce input bytes (in addition to allowing unbounded unprivileged lock contention).

I assume this got fixed during the 4.4-stable series?

Best regards,
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
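
An added example, not part of the original thread or of the kernel sources: a small C program that samples /proc/sys/kernel/random/entropy_avail around an ordinary write(2) to /dev/urandom, so the "mixed in but not credited" behaviour discussed above can be observed on a given kernel. The function names and the sample buffer are constructed for illustration.

```c
/* Added example: sample the entropy estimate around a plain write(2)
 * to /dev/urandom. Linux-only; uses the standard device and sysctl paths. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Current entropy estimate in bits, or -1 if the sysctl is unreadable. */
int read_entropy_avail(void)
{
    int bits = -1;
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

/* Write len bytes to /dev/urandom and report the entropy estimate
 * before and after. Returns the number of bytes written, or -1. */
long write_and_sample(const void *buf, size_t len, int *before, int *after)
{
    int fd = open("/dev/urandom", O_WRONLY);
    if (fd < 0)
        return -1;
    *before = read_entropy_avail();
    ssize_t n = write(fd, buf, len);
    *after = read_entropy_avail();
    close(fd);
    return (long)n;
}

int main(void)
{
    /* Constructed sample input; its content does not matter here. */
    static const unsigned char seed[32] = "constructed sample input";
    int before = -1, after = -1;
    long n = write_and_sample(seed, sizeof seed, &before, &after);
    if (n < 0) {
        perror("/dev/urandom");
        return 1;
    }
    /* Crediting the write would show up as a jump of about 8 * n bits;
     * small drifts come from other sources such as interrupts. */
    printf("wrote %ld bytes: entropy_avail %d -> %d bits (delta %d)\n",
           n, before, after, after - before);
    return 0;
}
```
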