Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!news-1.dfn.de!news.dfn.de!news.informatik.hu-berlin.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Rainer Weikusat Newsgroups: comp.os.linux.development.system,comp.os.linux.development.apps Subject: Re: shred or scrub Date: Mon, 21 Apr 2014 13:24:04 +0100 Lines: 49 Message-ID: <87r44qoopn.fsf@sable.mobileactivedefense.com> References: <87ppkd2cx5.fsf@sable.mobileactivedefense.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: individual.net 7T8RiBarhb7L5Xg0yfDTHwDRxROcBngx0gaOfSxT2N2koRZ+c= Cancel-Lock: sha1:tdU1An8WKuf2IpsPI6RxuJGk0I8= sha1:YYGRBrl6u0Qzf52mv/tKTxvfGHw= User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) Xref: csiph.com comp.os.linux.development.system:641 comp.os.linux.development.apps:709 crankypuss writes: > On 04/19/2014 04:05 PM, Rainer Weikusat wrote: >> "Bill Cunningham" writes: >>> crankypuss wrote: >>> >>>> There exist pseudo-devices 'zero', 'random', and 'urandom': >>>> http://en.wikipedia.org/wiki/Device_file#Pseudo-devices >>> >>> What's the difference in urandom and random devices? >> >> The kernel is supposed to collect 'bits with unpredictable values' from >> 'suitable sources' and the random-device will only return such bits, >> blocking a reader in case the already collected ones have all been >> handed out. /dev/urandom is a hash-based PRNG which generates bits as >> required by performing a set of calculations on the existing >> 'unpredictable value bit pool'. [...] > Given that "environmental static" occurs every > time an interaction with the network occurs, NIC drivers don't feed input into the entropy pool (or don't do so anymore) because 'interactions with the network' happen in response to 'interactions with the network' on some unrelated computer. > every time some devices > are heard from, in the elapsed time since the last request for a > random number was received on a multi-thread system, the whole idea of > having /dev/random block seems pretty silly. Reducing any > multi-thread operating system in which device events occur > asynchronously to a state of complete cyclic stability is so insanely > difficult as to approach impossible. I don't quite understand what you're up to. Obviously, the number of bits added to the entropy pool during any given time interval must be finite, hence, it is at least theoretically possible to remove bit from it at a higher speed and hence, exhaust the available supply sooner or later. Considering that 'reading data from /dev/random' essentially amounts to a memory-to-memory copy which can be done faster than 'exchanging data with some device', it doesn't seem inconceivably to achieve this. Practically, dd can be used to test that it actually happens: Executing dd if=/dev/random bs=4096 count=1 of=x on the machine I'm using to write this (3.2.9) usually results in a couple of 'short reads' followed by an invocation which blocks for some seconds.