urandom entropy

Robert Connolly robert at linuxfromscratch.org
Tue Feb 8 06:20:43 PST 2005


It looks like the kernel guys have modified the urandom driver since I last 
checked. It doesn't use nearly as much kernel entropy as it used to. It seems 
to be taking entropy periodically to reseed urandom's state. It's behaving a 
lot like erandom now.

This might mean we don't need the frandom patch anymore. Although the 
frandom/erandom devices still have two or three advantages. The sysctl 
interface works through chroot; this is one less thing to worry about. The 
frandom/erandom devices have much more (10 times) throughput than urandom. 
Erandom's ability to use no entropy might still be an advantage on a diskless 
machine. Using urandom with ssp my entropy_avail never went below 3200 bytes 
(from 4096), but I have a keyboard and mouse feeding entropy back in.

It wouldn't be hard to change the glibc patch to let users have a choice. But 
I wonder if this is just an added complication. uClibc will have a config 
option for this. Personally I still like erandom.

robert



More information about the hlfs-dev mailing list