#1169 Linux: Startup is slowed because of blocking /dev/random

v1.0_(example)
closed
Rony Shapiro
None
1
2014-08-17
2014-03-08
Simon
No

Hi,

I'm running Password Safe from git on Fedora 20 x86_64. It often takes a rather long time to start. It waits in pws_os::GetRandomSeed (src/os/linux/rand.cpp) while reading from /dev/random. It seems that even just after checking /proc/sys/kernel/random/entropy_avail the returned amount of entropy is not available from /dev/random. (I'm not really sure if that is the expected kernel behaviour.)

It would probably be a good idea to read only as many random bytes as necessary instead of trying to gather as much as possible.

Discussion

  • Simon
    2014-03-15

    As the seed is hashed to a 256 bit value would it be sufficient to read at most 256 bit?

    See attached patch.

     
    • Jeff Woods
      2014-04-18

      > As the seed is hashed to a 256 bit value would it be sufficient to read at most 256 bit?

      I expect the hash function will have some collisions on the 2^256 possible 256bit values so the remaining entropy will be less than 256 bits. My understanding is that /dev/random is designed to have full entropy in the value. Perhaps it makes more sense to use up to 256 bits from /dev/random without hashing them.

       
  • Rony Shapiro
    2014-03-16

    Thanks. Tweaked it a bit to make it slightly more maintainable, commit 36e01ec.

     
  • Rony Shapiro
    2014-03-16

    • status: open --> pending
     
  • Rony Shapiro
    2014-04-18

    You can download an rpm with the fix for this from
    http://pwsafe.org/tmp/pwsafe-0.93.1BETA-3.x86_64.rpm
    Please let me know if this resolves the problem.

     
    • Simon
      2014-04-19

      Yes, the problem is now solved, thank you.
      Sorry for reporting back so late.

       
      • Dave Ulrick
        2014-04-19

        I've installed the RPM referenced above but I'm still seeing slow initialization when I launch pwsafe. The delay is on the order of 30 seconds. I'm using Fedora 20 with the latest patches. During the delay, strace shows that /dev/random is being read. From the strace log:

        open("/proc/sys/kernel/random/entropy_avail", O_RDONLY) = 3
        read(3, "865\n", 8191) = 4
        open("/dev/random", O_RDONLY) = 4
        read(4, "\217)\202\351:\356q\35\316\3\331\311\3439\312\233\30\247\274\324fD\10B\31\335#\350\3211N\305"..., 8191) = 68
        read(4, "\7\235\313\373\341\236", 8191) = 6
        read(4, "\3\17\362\4\272\237", 8191) = 6
        read(4, "\3743`\"r7", 8191) = 6
        read(4, "\325\342\3502\310\353", 8191) = 6
        read(4, "o9\263\356(\3", 8191) = 6
        read(4, "\313\2643=\2100", 8191) = 6
        read(4, "\20\335\312\342\250f", 8191) = 6
        close(4) = 0
        close(3) = 0

        $ which pwsafe
        /usr/bin/pwsafe
        $ rpm -qf /usr/bin/pwsafe
        pwsafe-0.93BETA-3.x86_64

         
  • The problem is not yet solved. I can consistently reproduce it by opening the program, closing it, and then opening it again.

    In C++ ifstream is buffered, causing the line

    ifstream rnd("/dev/random");
    

    to empty all of /dev/random. Instead you should be using an unbuffered stream

    ifstream rnd;
    rnd.rdbuf()->pubsetbuf(0, 0);
    rnd.open("/dev/random");
    

    You can check the results by watching the file: /proc/sys/kernel/random/entropy_avail.

     
    Last edit: Michael Bannister 2014-04-21
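
Added example, not part of the thread and not Password Safe code: it measures how many bytes a default `ifstream` and an unbuffered one take from their source when the caller reads only 32 bytes, which is the effect described in the comment above. A FIFO preloaded with constructed bytes stands in for /dev/random so the demo never blocks; `bytes_consumed` and the temporary path are hypothetical names, and Linux with GCC's libstdc++ is assumed.

```cpp
// Added example (not Password Safe code): how many bytes does an ifstream
// take from its source when the caller asks for only 32?
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <string>
#include <vector>

// Preloads a FIFO with `preload` constructed bytes, reads `want` bytes from it
// through an ifstream, and returns how many bytes left the FIFO (-1 on error).
// The FIFO is a stand-in for /dev/random: whatever is consumed is gone for good.
long bytes_consumed(bool unbuffered, int preload = 4096, int want = 32) {
    char dir[] = "/tmp/rnd-demo-XXXXXX";             // hypothetical scratch location
    if (!mkdtemp(dir)) return -1;
    const std::string path = std::string(dir) + "/fifo";
    long result = -1;
    int fd = -1;
    if (mkfifo(path.c_str(), 0600) == 0 &&
        (fd = open(path.c_str(), O_RDWR)) >= 0) {    // O_RDWR: open() does not block on Linux
        std::vector<char> fill(preload, 'x');        // constructed data, not real entropy
        if (write(fd, fill.data(), fill.size()) == (ssize_t)preload) {
            std::ifstream rnd;
            if (unbuffered)
                rnd.rdbuf()->pubsetbuf(0, 0);        // set before open(), as in the comment above
            rnd.open(path.c_str(), std::ios::binary);
            std::vector<char> seed(want);
            rnd.read(seed.data(), want);
            int left = 0;                            // bytes still queued in the FIFO
            if (rnd.gcount() == want && ioctl(fd, FIONREAD, &left) == 0)
                result = preload - left;
        }
    }
    if (fd >= 0) close(fd);
    unlink(path.c_str());
    rmdir(dir);
    return result;
}

int main() {
    // The default stream refills its whole buffer; the unbuffered one takes only what was asked.
    std::cout << "buffered ifstream consumed   " << bytes_consumed(false) << " bytes\n";
    std::cout << "unbuffered ifstream consumed " << bytes_consumed(true) << " bytes\n";
}
```

The buffered figure depends on the standard library's buffer size, which is also why the strace log earlier in the thread shows `read()` calls requesting 8191 bytes.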
  • Rony Shapiro
    2014-04-21

    This is why I love open source!
    Reviewed, tested and committed (for both Linux and Mac) master f8710e3

    Thanks.

     
    • Dave Ulrick
      2014-04-21

      I've grabbed the GIT repository with 'git clone ...' and compiled with 'make release' on Fedora 20 x86_64. The startup delay seems to be gone.

      Thanks for the quick fix!

       
  • Just wanted to add that I have been seeing very slow startup for a while (since 0.93?), too. I use Ubuntu 12.04 64bit and 14.04 64bit.

     
  • Rony Shapiro
    2014-07-15

    • status: pending --> closed
    • assigned_to: Rony Shapiro