
5
  • Is there any known malware that takes advantage of pushing data to /dev/random from userland to reduce entropy in the eyes of the malware? Could this even be a valid concern? Commented Oct 28, 2014 at 17:50
  • @AnthonyKraft from what I understand, "pool compromise" is so difficult that there are much easier ways to compromise the OS directly. Basically don't worry about it. Commented Oct 28, 2014 at 18:01
  • 3
    By pushing data into the pool, you don't actually reduce the entropy; it does not evict old entropy or anything like that. What such pushing could do is somehow convince /dev/random that it has more entropy than it dreamt of, leading to it producing more bytes without blocking -- which is fine. It would just, at "worst", make /dev/random behave like /dev/urandom. /dev/urandom is cryptographically strong. (In fact /dev/random is useless and everybody should be using /dev/urandom, despite widespread myths.) Commented Oct 28, 2014 at 18:08
  • Pushing from an unprivileged user never increases the available entropy. Writing to /dev/random doesn't call credit_entropy_bits, and the ioctl for mixing entropy requires CAP_SYS_ADMIN (root). Commented Oct 28, 2014 at 19:39
  • "he will still miss 10 bits of entropy if the kernel measures that time down to the nanosecond." This isn't necessarily true. NICs often use interrupt coalescing which makes their timing more predictable. Even without that though, the APIC itself ticks at a far lower rate than the cycle counter, so the precision of measuring an interrupt may be significantly lower. Commented Apr 5, 2018 at 1:52
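The distinction drawn in the comments above, between an unprivileged write(2) to /dev/random (mixed into the pool, never credited) and the RNDADDENTROPY ioctl (credited, but requires CAP_SYS_ADMIN), can be checked directly. The program below is an added example, not code from the original thread. It is Linux-specific and uses the real `RNDGETENTCNT` and `RNDADDENTROPY` ioctls from `<linux/random.h>`; the helper names `entropy_count`, `write_to_pool` and `credit_entropy` and the constructed 0x41 filler are this example's own. On kernels from 5.18 onward the entropy estimate reported by `RNDGETENTCNT` is a fixed value, so the before/after numbers are most informative on older kernels, but the permission behaviour is the same.

```c
/* Added example, not from the original thread: an unprivileged process can
 * write into /dev/random (the bytes are mixed into the pool but not credited),
 * whereas the RNDADDENTROPY ioctl, which does credit entropy, needs
 * CAP_SYS_ADMIN. Linux only. */
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Kernel's current entropy estimate in bits, or -1 on error. */
int entropy_count(void) {
    int fd = open("/dev/random", O_RDONLY);
    if (fd < 0) return -1;
    int ent = -1;
    if (ioctl(fd, RNDGETENTCNT, &ent) < 0) ent = -1;
    close(fd);
    return ent;
}

/* Push len bytes into the pool with write(2). Returns 0 on success, else errno.
 * /dev/random is normally mode 0666, so any user can do this; the data is
 * mixed in but the entropy estimate is not raised. */
int write_to_pool(const unsigned char *buf, size_t len) {
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0) return errno;
    ssize_t n = write(fd, buf, len);
    int rc = (n == (ssize_t)len) ? 0 : errno;
    close(fd);
    return rc;
}

/* Ask the kernel to mix buf in AND credit `bits` bits via RNDADDENTROPY.
 * Returns 0 on success, else errno (EPERM without CAP_SYS_ADMIN). */
int credit_entropy(const unsigned char *buf, size_t len, int bits) {
    /* struct rand_pool_info ends in a flexible __u32 buf[]; allocate room for len bytes. */
    struct rand_pool_info *rpi = malloc(sizeof *rpi + len);
    if (!rpi) return ENOMEM;
    rpi->entropy_count = bits;
    rpi->buf_size = (int)len;          /* size in bytes */
    memcpy(rpi->buf, buf, len);
    int fd = open("/dev/random", O_RDWR);
    if (fd < 0) { int e = errno; free(rpi); return e; }
    int rc = (ioctl(fd, RNDADDENTROPY, rpi) < 0) ? errno : 0;
    close(fd);
    free(rpi);
    return rc;
}

int main(void) {
    /* Constructed, deliberately non-random input: what a misbehaving
     * userland process might try to push into the pool. */
    unsigned char junk[64];
    memset(junk, 0x41, sizeof junk);

    printf("entropy estimate before:       %d\n", entropy_count());
    printf("write(2) to /dev/random:       %s\n", strerror(write_to_pool(junk, sizeof junk)));
    printf("entropy estimate after write:  %d\n", entropy_count());
    int rc = credit_entropy(junk, sizeof junk, 8 * (int)sizeof junk);
    printf("RNDADDENTROPY as uid %u:       %s\n", (unsigned)geteuid(),
           rc ? strerror(rc) : "credited");
    printf("entropy estimate after ioctl:  %d\n", entropy_count());
    return 0;
}
```

Run it once as a normal user and once as root: the write(2) succeeds in both cases, but the ioctl returns EPERM for the unprivileged user and only succeeds (and moves the estimate) for root. That is exactly why the "pool poisoning from userland" worry reduces to "root can already do anything".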