pseudo_random and arc4random

Robert Connolly robert at linuxfromscratch.org
Fri Jun 2 20:18:18 PDT 2006


I was updating the kernel pseudo_random and libc arc4random patches, and 
checked open and net bsd to see if they have made recent changes. I noticed 
'use the new fat random sysctl to get initial state.' in their cvs log, and I 
thought to myself "I want a fat random sysctl too". The pseudo_random/frandom 
kernel patch gives 16 byte output from sysctl, in the patch I substituted 16 
with 256, and increased the buffer from 64 to 1024 (multiplied everything by 
4), and it works pretty nice.

This is the standard 16 bytes:
kernel.random.erandom = cb39026ddaac9bed446b9d94718d5577

This is 256 bytes:
kernel.random.erandom = 
56d1a0fa8faa401cec5800ee3a44eac895bf12ccd059468551034edade9ce1c272796227f7561fe0081302a4fce3d58a1d55084ed95d36e96610cb42c700ba10f6d22e43397c6deb2f28820ee537a29961c44f1452853ed0f747217d768c5addc1d0cb1430690ce8063a2ff3b4670880f99a0baf430b66aa7d04aa4d029eafd5a69f5cf83fde7ac7a1913f9807b9df8b0b13be77721c4c466bd243792ba882bb7e0042a852c87500a076332c78f3a957138e7b48b3c8090fcbf718bd753dee190dc37b9b27ec055de642e85b27a4f38c45c700da2f287baa4640cfaaeecea9668958213649731df2ef536611d0cef1236605afe74f16d54f997915abb099d210

This works with the urandom sysctl too. I put a patch here:
http://www.linuxfromscratch.org/~robert/new/newpatches/linux-2.6.16.19-pseudo_random-1.patch-256byte_sysctl

I also fixed class_device_create so frandom can compile as a module on the 
more recent kernels, and fixed the menu a bit so both sysctl drivers are now 
menu options. I would like to find someone familiar with recent 2.6 kernels 
to check over the pseudo_random patch, because it was originally made for 
kernel 2.4 (the devfs stuff could be removed now).

The urandom sysctl uses significant amount of kernel entropy, but erandom 
still uses none. I have yet to check why sysctl urandom and /dev/urandom use 
very different amounts of entropy.

So now the arc4random library can fill a 128 byte buffer with a single sysctl 
call, instead of 8, and the looping code can be removed, so it can run a bit 
more efficiently.

This new kernel patch should work fine with the old arc4 library, the looping 
code will just run once instead of 8 times.

I imagine this uses more system memory to run... 4 times more, but not more 
cpu resources. This may or may not be a problem with systems with little 
memory. More testing is needed to see if there are any other issues.

robert



More information about the hlfs-dev mailing list