[Ecls-list] ECL start and random numbers - PATCH

Philipp Marek philipp at marek.priv.at
Tue Aug 2 11:29:53 UTC 2011


Hello Juan!

> why is it a
> problem that ECL reads the amount of bytes that it reads now?
Because the default pool in linux is 4kB (IIRC), so half of the 8kB that are read is
pseudo-randomly generated anyway, and a different half is discarded by the "&
0xffffffff" line; so 8kB are read, but only 2kB of entropy are used.

The second problem is that the entropy that existed here gets _removed_ from the kernel
pools; so every time ECL is started the pool is effectively emptied, which is a problem
if there are other users that need entropy (SSL server, GPG usage, etc.) - because they
might get blocked reading /dev/random, waiting for more entropy to accumulate.


> And how does
> reading less bytes provide the same initial entropy to the RNG?
The ECL RNG will get _less_ entropy, of course.
But the 16 bytes in my patch should be more than sufficient for normal use; and for real
cryptographic needs (RSA/DSS/AES keys etc.) you should need /dev/random anyway, not some
PRNG.


Regards,

Phil


[forgot to sent to list]






More information about the ecl-devel mailing list