
#8 Lack of entropy - empty /dev/random

open
None
5
2004-05-30
2004-04-01
Marti
No

This is not exactly a bug, but a big misfeature.
Since coLinux doesn't collect entropy, the entropy pool is
constantly empty, which is the cause of /dev/random
being empty. Applications that rely on it will just freeze
and not work. I think coLinux should use some legacy
methods for entropy collection, or at least temporarily
provide urandom or other sources.

Discussion

  • Nobody/Anonymous

    Logged In: NO

    There seems to be a similar issue in UML too. Agree with you
    that it is quite a bit of a misfeature.

     
  • Dan Aloni

    Dan Aloni - 2004-05-30
    • assigned_to: nobody --> da-x
     
  • Clifford Caoile

    Clifford Caoile - 2004-09-03

    Logged In: YES
    user_id=3562

    According to the wiki's page "RandomNotes" (http://www.colinux.org/wiki/index.php/RandomNotes), you can work around this bug/misfeature by typing something in the FLTK console. This will serve as the entropy source for a little while at least.

    For example when using Subversion and committing a source change (svn commit), you may need to do this workaround for about 5 seconds. (Monkeys to typewriters: start!)

    Why can't colinux collect entropy from the network as a stop-gap feature? I have heard that collecting entropy from the network is not random enough (or a security problem), though.

     
  • Marius Huse Jacobsen

    Logged In: YES
    user_id=206105

    In many cases, it's better that it remains 'unsolved' - for
    things like crypto, it's 'not sending' versus 'sending weakly
    encrypted'. If your life depends on the confidentiality of a
    message, you'd prefer it not being sent.

     
  • Mark Bulas

    Mark Bulas - 2005-04-29

    Logged In: YES
    user_id=493291

    This is a huge issue for me as well. I've actually resorted
    to doing the following on my coLinux installation:

    mv /dev/random /dev/random.orig
    ln /dev/urandom /dev/random

    ...as this appears to be the only way to get any kind of
    random-number stuff out of the system. May not be very
    random, so you can't trust this for any kind of real
    cryptographic security, but at least programs that rely upon
    /dev/random (Subversion, et al) will now work without manual
    intervention.

     
  • GingGangGoolies

    GingGangGoolies - 2006-08-16

    Logged In: YES
    user_id=1233451

    While this doesn't resolve the issue it is a "quick fix"
    that may go some way to alleviating the noted problem:

    * Create a link from /dev/urandom to /dev/random

     
  • Henry N.

    Henry N. - 2007-09-24

    Logged In: YES
    user_id=579204
    Originator: NO

    The branch devel (from snapshot) with kernel 2.6.22 uses networking interrupts for entropy. That is not the best, but better than blocking.

     
  • Nobody/Anonymous

    Logged In: NO

    $ equery uses apr
    [ Found these USE variables for dev-libs/apr-1.3.2 ]
    + + urandom : Use /dev/urandom instead of /dev/random

    It's lucky that I'm using Gentoo, so I can use urandom for it and my Subversion works "just fine". Good to know I can "Create a link from /dev/urandom to /dev/random" to solve problems besides apr. But if the entropy is not enough, it's insecure.
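
A way to confirm the condition this ticket describes before changing any device nodes, as an added example that is not part of the original thread or of coLinux: it reports the kernel's entropy estimate and tests whether a small read from the blocking device finishes within a deadline. The function names are hypothetical, the default paths are the standard Linux locations, and `timeout` from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Paths are parameters so the check
# can be pointed at other files; defaults are the standard Linux locations.

# Print the kernel's current entropy estimate in bits, or "unknown".
entropy_avail() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Try to read $2 bytes from device $1 within $3 seconds.
# Returns 0 if the read completed, non-zero if it stalled or failed.
read_completes() {
    dev="$1"; n="$2"; secs="$3"
    got=$(timeout "$secs" head -c "$n" "$dev" 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq "$n" ]
}

# Summarise the state of the two devices:
#   ok      - the blocking device answers; readers will not hang
#   starved - the blocking device stalls while the non-blocking one answers
#             (the situation reported in this ticket)
#   broken  - neither device answers
random_status() {
    rnd="${1:-/dev/random}"; urnd="${2:-/dev/urandom}"
    if read_completes "$rnd" 16 2; then echo ok
    elif read_completes "$urnd" 16 2; then echo starved
    else echo broken
    fi
}

# Run the report only when executed with the argument "report".
if [ "${1:-}" = "report" ]; then
    echo "entropy_avail: $(entropy_avail)"
    echo "status: $(random_status)"
fi
```

A result of `starved` together with an entropy estimate near zero means programs reading /dev/random will hang in the way the comments above describe for Subversion.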