Hello Tom,

On 10/22/2011 02:13 PM, Tom Gundersen wrote:
> Hi,
>
> This might not be so much a bug report, as a request for clarification.
>
> In random(4) it is explained that /proc/sys/kernel/random/poolsize
> contains the value in bits or bytes in >=2.6 and 2.4 respectively.
> However, the example in the preceding paragraph assumes a 2.4 kernel
> is being used, and treats the value as if it were in bytes.
>
> I ran across this as I maintain the initscripts for Arch Linux, where
> we have been (mistakenly) following the example even though we use a
> 3.0 kernel. Maybe it would be worthwhile to change the example into
> the 2.6 interface, or at least include a word of caution?
>
> I realise that using a value which is too large, probably does no harm
> at all, but not being a cryptography expert, I'd rather not take the
> chance.

Long after the fact... I applied the patch below. Okay?

Thanks for the report.

Cheers,

Michael

PS I am going to be in Oslo a couple of times in coming months. Perhaps we could meet up for a beer or so.

diff --git a/man4/random.4 b/man4/random.4 index 2519981..4a32aac 100644 --- a/man4/random.4 +++ b/man4/random.4 @@ -171,7 +171,7 @@ This reduces the actual amount of noise in the entropy pool below the estimate. In order to counteract this effect, it helps to carry entropy pool information across shut-downs and start-ups. -To do this, add the following lines to an appropriate script +To do this, add the lines to an appropriate script which is run during the Linux system start-up sequence: .nf @@ -186,7 +186,8 @@ which is run during the Linux system start-up sequence: fi chmod 600 $random_seed poolfile=/proc/sys/kernel/random/poolsize - [ \-r $poolfile ] && bytes=\`cat $poolfile\` || bytes=512 + [ \-r $poolfile ] && bits=\`cat $poolfile\` || bits=4096 + bytes=$(expr $bits / 8) dd if=/dev/urandom of=$random_seed count=1 bs=$bytes .fi 
@@ -201,9 +202,14 @@ run during the Linux system shutdown: touch $random_seed chmod 600 $random_seed poolfile=/proc/sys/kernel/random/poolsize - [ \-r $poolfile ] && bytes=\`cat $poolfile\` || bytes=512 + [ \-r $poolfile ] && bits=\`cat $poolfile\` || bits=4096 + bytes=$(expr $bits / 8) dd if=/dev/urandom of=$random_seed count=1 bs=$bytes .fi + +In the above examples, we assume Linux 2.6.0 or later, where +.IR /proc/sys/kernel/random/poolsize +returns the size of the entropy pool in bits (see below). .SS /proc Interface The files in the directory .I /proc/sys/kernel/random

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
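
Review bot: Dropping "following" in the first hunk (@@ -171,7 +171,7 @@) leaves "add the lines" without a referent, because the script itself only appears after the ".nf" two lines further down. Suggest keeping "add the following lines to an appropriate script", or stating in the commit message why the word was removed, since the change looks unrelated to the bits/bytes fix.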
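
Review bot: The new "bytes=$(expr $bits / 8)" line in the second hunk (@@ -186,7 +186,8 @@) uses the $(...) form while the line directly above it keeps escaped backticks around "cat $poolfile", so the start-up example now mixes two command-substitution styles and two escaping conventions in the man page source. Suggest using one form throughout the example, either backticks around the expr call or $(...) for the cat call as well. The fallback of bits=4096 divides to the previous default of 512 bytes, so behaviour when poolsize is not readable is unchanged.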
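
Review bot: The paragraph added at the end of the third hunk (@@ -201,9 +202,14 @@) states the 2.6.0-or-later assumption but not what happens when it does not hold: per the report, a 2.4 kernel gives poolsize in bytes, so the new "expr $bits / 8" step would save only one eighth of the pool there. Suggest adding a sentence telling 2.4 users to use the value undivided. The two changed shell lines duplicate the ones in the start-up hunk, so any style fix made there should be mirrored in the shutdown script.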