On May 4, 2014, at 3:56 PM, Ángel González <keisial@xxxxxxxxx> wrote:

> On 02/05/14 21:40, William Ahern wrote:
>> Linux
>> also has an obscure sysctl which pulls directly from the internal CSPRNG. So
>> all of these will work in a jail without /dev or /proc.
>
> That's cool, but as stated on Linux sysctl(2):
>> NOTES
>> Glibc does not provide a wrapper for this system call; call it using syscall(2). Or rather... don't call it: use of
>> this system call has long been discouraged, and it is so unloved that it is likely to disappear in a future kernel
>> version. Since Linux 2.6.24, uses of this system call result in warnings in the kernel log. Remove it from your
>> programs now; use the /proc/sys interface instead.
>>
>> This system call is available only if the kernel was configured with the CONFIG_SYSCTL_SYSCALL option.
>
> And indeed, trying a test program calling CTL_KERN, KERN_RANDOM, RANDOM_UUID (from your code) prints
>> warning: process `sysctl-rand' used the deprecated sysctl system call with 1.40.6.
>
> and returned with ENOSYS (the kernel was compiled without CONFIG_SYSCTL_SYSCALL).
>
>
> So I don't think it's a suitable primary means to gather random data under Linux. :-(
>
> I encourage you to raise at lkml the need to have a dev-less random data source, though.
>

libevent’s RNG mentions similar issues:

https://github.com/libevent/libevent/blob/master/arc4random.c#L340

Any opinion on HAVEGE as an additional entropy source? PolarSSL / XYSSL appear to use it as their primary source of entropy. I extracted the main bits from the last BSD release of XYSSL for testing:

https://gist.github.com/busterb/631e2cf61a55de87d6b8

Seems like it might be better than concatenating a lot of ‘junk’ when all else fails, at least if you can trust the cycle counter to do the right thing (maybe not in a VM).

Botan also has a few novel sources of entropy implemented like process walk times and running random processes (like PRNGD does):

https://github.com/randombit/botan/tree/net.randombit.botan/src/lib/entropy

I have to admit I’m surprised at the number of projects that have sort-of solved this problem independently. It seems like an entropy gathering library could live as a standalone project.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
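
The quoted sysctl(2) notes point to the /proc/sys interface as the replacement for the deprecated system call. As an added example (not part of the original message or of any project it mentions), this C code tries /dev/urandom, then /proc/sys/kernel/random/uuid, and reports failure when neither is reachable, as in a jail without /dev or /proc; the function names and the probing order are assumptions.

```c
/* Added example; names are hypothetical, not from any project in the thread. */
#include <stdio.h>
#include <string.h>
enum rnd_src { SRC_NONE = -1, SRC_DEV_URANDOM = 0, SRC_PROC_UUID = 1 };
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
/* Parse "8-4-4-4-12" hex UUID text into 16 bytes; 0 on success, -1 if malformed. */
int parse_uuid(const char *s, unsigned char out[16])
{
    size_t i = 0, n = 0;
    if (strlen(s) < 36 || (s[36] != '\0' && s[36] != '\n')) return -1;
    while (i < 36) {
        if (i == 8 || i == 13 || i == 18 || i == 23) { if (s[i++] != '-') return -1; continue; }
        int hi = hexval(s[i]), lo = hexval(s[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[n++] = (unsigned char)(hi << 4 | lo);
        i += 2;
    }
    return 0;
}

/* Fill out[16]; SRC_NONE means not filled. A kernel UUID has 122 random bits. */
enum rnd_src gather16(unsigned char out[16])
{
    char line[64];
    size_t got = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        got = fread(out, 1, 16, f);
        fclose(f);
    }
    if (got == 16) return SRC_DEV_URANDOM;
    f = fopen("/proc/sys/kernel/random/uuid", "r");
    if (f == NULL) return SRC_NONE; /* jail with neither /dev nor /proc */
    got = fgets(line, sizeof line, f) != NULL && parse_uuid(line, out) == 0;
    fclose(f);
    return got ? SRC_PROC_UUID : SRC_NONE;
}

int main(void)
{
    unsigned char buf[16];
    enum rnd_src s = gather16(buf);
    printf("source: %d (-1 none, 0 /dev/urandom, 1 /proc uuid)\n", (int)s);
    return s == SRC_NONE;
}
```

Because the version and variant bits of the UUID are fixed, a caller seeding from the /proc path should read it more than once if it needs a full 128 bits or more.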