On 11/11/2016 01:08 PM, Laurent Georget wrote:
>>> I'm reluctant to duplicate text in two places. I think that that
>>> duplication os prt of the reason why we have the current mess.
>>
>> So, maybe all this discussion about which interface to choose, expected
>> usage, etc. should go to a random.7 man page? This would be the logical
>> location to detail the differences about the three interfaces. What do
>> you think?
>
> To follow up on this, what do you think of the following patch? I do not
> propose it for inclusion as is but more as a kind of RFC. Would it be useful
> to have this kind of table to sum up in one place the differences between
> getrandom(), /dev/random and /dev/urandom?
>
> Note that this is my first attempt to make tables in man pages so I have no
> idea if I did things right or not.
I like this. I'll incorporate it in random(7) :-).
Cheers,
Michael
>
> Cheers,
> Laurent
>
> ---
> man2/getrandom.2 | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 75 insertions(+)
>
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> index 32c55bd..b337415 100644
> --- a/man2/getrandom.2
> +++ b/man2/getrandom.2
> @@ -313,6 +313,81 @@ And indeed, such usage is unnecessary (and will be slow):
> instead, use these interfaces to provide a small amount of
> data used to seed a user-space pseudo-random number generator
> for use by such applications.
> +
> +.\"
> +.SS Comparison between getrandom, /dev/urandom and /dev/random
> +
> +.TS
> +allbox;
> +lb lb lb lb.
> +Interface Pool Blocking behavior Behavior in early boot time
> +T{
> +.I /dev/random
> +T} Blocking pool T{
> +Blocks when the entropy estimate is too low until there is enough entropy again
> +T} T{
> +Blocks until enough entropy is gathered
> +T}
> +T{
> +.I /dev/urandom
> +T} T{
> +Cryptographically-secure Random Number Generator (CRNG) output
> +T} T{
> +Does not block once the CRNG is ready
> +T} T{
> +Returns output from uninitialized CRNG (possibly low entropy and not suitable for cryptography)
> +T}
> +T{
> +.BR getrandom ()
> +T} T{
> +Same as
> +.I /dev/urandom
> +T} T{
> +Does not block once the pool is ready
> +T} T{
> +Blocks until the pool is ready
> +T}
> +T{
> +.BR getrandom ()
> +with
> +.B GRND_RANDOM
> +T} T{
> +Same as
> +.I /dev/random
> +T} T{
> +Blocks when the entropy estimate is too low until there is enough entropy again
> +T} T{
> +Blocks until the pool is ready
> +T}
> +T{
> +.BR getrandom ()
> +with
> +.B GRND_NONBLOCK
> +T} T{
> +Same as
> +.I /dev/urandom
> +T} T{
> +Does not block
> +T} T{
> +Returns -EAGAIN if the pool is not ready
> +T}
> +T{
> +.BR getrandom ()
> +with
> +.B GRND_RANDOM
> +and
> +.B GRND_NONBLOCK
> +T} T{
> +Same as
> +.I /dev/random
> +T} T{
> +Returns -EAGAIN if not enough entropy is available
> +T} T{
> +Returns -EAGAIN if the pool is not ready
> +T}
> +.TE
> +
> +
> .\"
> .SS Generating cryptographic keys
> The amount of seed material required to generate a cryptographic key
>
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
