In brief: Adding entropy by writing to /dev/[u]random doesn't appear
to be working. I am aware that the reported available entropy (via
/proc/sys/kernel/random/entropy_avail) will not increase; the symptom
is /dev/random keeps spitting out the same numbers.
I have two embedded boards (one ARM, one PowerPC), running two
different versions of 2.6. They have no hard drives, keyboards or
mice. They each have a NIC, but I understand these make no
contribution to the entropy pool.
Many distros ship with an init script that saves and restores the
entropy pool on startup and shutdown. The bit that interests me that
is called on startup is (my comments):
if [ -f $random_seed ]; then
cat $random_seed >/dev/urandom # should seed the pool
fi
dd if=/dev/urandom of=$random_seed count=1 2>/dev/null # save some
data from urandom for next boot
I have rebooted my boards many times, and after each boot I read the
contents of $random_seed. Whilst it does not happen every time, the
contents of $random_seed are /often the same/. To give you a feel:
rebooted 11 times, got a total of 3 different outputs.
This suggests that cat'ing the contents of the random_seed file into
/dev/urandom is not actually increasing the available entropy at all;
indeed it is having no effect whatsoever.
This is obviously a serious issue on these boards, as writing to
/dev/random is the only source of entropy.
In place of these startup scripts I have tried my own script that
explicitly cats in a load of data, and then reads out several K from
/dev/urandom - the data that is read out is normally the same, no
matter what data is written.
I put the fact that this is not 100% reproducible down to timing
variations, which is also the reason why all the experimentation has
been done at startup - the reading and writing occurs at very nearly
exactly the same kernel time, every time it boots.
Is this a bug? Am I doing something stupid?
Thanks,
Michael Macnair
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
