Does /dev/random in virtual guests provide good random data?

Vsevolod Stakhov vsevolod at FreeBSD.org
Tue Jul 14 13:35:21 UTC 2015


On 14/07/2015 14:30, Vsevolod Stakhov wrote:
> On 13/07/2015 09:26, Yuri wrote:
>> On 07/12/2015 18:14, Tim Kientzle wrote:
>>>     http://www.2uo.de/myths-about-urandom/
>>>
>>> In particular, it has this interesting comment:
>>>
>>>       FreeBSD does the right thing: they don't have the distinction
>>
>> There are two approaches in random stream generation. One is to have a
>> sufficient random seed, and keep generating the following pseudo-random
>> numbers only from this seed. The second approach is to also continuously
>> feed the stream from some external source of entropy.
>>
>> The fact that the long running Linux VM still blocks on /dev/random
>> indicates that Linux tries to collect more entropy on the go, following
>> the latter approach (intuitively I would also agree this is better for
>> randomness).
>>
>> So it isn't clear why the FreeBSD random stream would be of the same
>> quality, if it doesn't collect entropy on the go. Because both Linux and
>> BSD have exactly the same entropy sources in a VM.
> 
> That's *not* the correct definition of how modern PRNGs work. <skipped>


And I forgot to mention that in Linux, both /dev/random and /dev/urandom
are using a pseudo-random generator seeded by the entropy pool(s). So you
would never ever access these pools directly. The key difference is that
/dev/random blocks unless there is 'enough' entropy in those pools. But
it makes a system even *less* secure if an attacker can force you to use
/dev/random, as at least it would give her information about the amount
of entropy available in your system which is quite dangerous for Yarrow
(but not for Fortuna).

-- 
Vsevolod Stakhov
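
The design described in the message above, as an added example that is not part of the original post and is not Linux or FreeBSD code: a simplified model in which events are hashed into a pool, a keyed generator is reseeded from that pool, and the two read paths differ only in whether an entropy estimate gates them. The class name `ToyKernelRNG`, its methods, the HMAC-SHA256 construction and the seed string are all assumptions made for illustration.

```python
import hashlib
import hmac


class ToyKernelRNG:
    """Simplified model for illustration; not the Linux or FreeBSD implementation."""

    def __init__(self, seed: bytes, credited_bits: int):
        self.pool = hashlib.sha256()   # entropy pool: events are only hashed in
        self.estimate_bits = 0         # the kernel's *estimate* of pooled entropy
        self.key = b"\x00" * 32        # generator key, replaced on every reseed
        self.counter = 0
        self.add_event(seed, credited_bits)

    def add_event(self, data: bytes, credited_bits: int) -> None:
        """Mix an event into the pool, credit the estimate, rekey the generator."""
        self.pool.update(data)
        self.estimate_bits += credited_bits
        self.key = hmac.new(self.key, self.pool.digest(), hashlib.sha256).digest()

    def _generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            block = self.counter.to_bytes(16, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
        return out[:n]

    def read_urandom(self, n: int) -> bytes:
        """Never blocks: output always comes from the keyed generator."""
        return self._generate(n)

    def read_random(self, n: int) -> bytes:
        """Same generator, gated only by the entropy estimate."""
        if self.estimate_bits < n * 8:
            raise BlockingIOError("entropy estimate too low; a real read would block")
        self.estimate_bits -= n * 8
        return self._generate(n)


def demo():
    rng = ToyKernelRNG(b"constructed boot-time seed", credited_bits=256)
    first = rng.read_random(32)            # uses up the whole 256-bit estimate
    try:
        rng.read_random(1)
        blocked = False
    except BlockingIOError:
        blocked = True
    second = rng.read_urandom(32)          # same generator, still answers
    return blocked, first != second, rng.estimate_bits
```

In this model neither read path ever returns pool contents, and the blocking path adds only the estimate check on top of the same generator output.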


More information about the freebsd-hackers mailing list