Ask Your Question
2

/dev/random in Fedora 20 is too FAST!

asked 2013-12-29 20:58:54 -0600

mattman5 gravatar image

I know this seems like a strange "problem," but the output of /dev/random in Fedora 20 seems like it's actually too FAST. Yes, I know the difference between /dev/random and /dev/urandom. /dev/random blocks reading from it when the pool of entropy is exhausted, but /dev/urandom will generate pseudorandom numbers once the entropy pool is exhausted.

On other linux distros (Ubuntu and Arch), running the same kernel version "3.12.5", the command:cat /dev/random produces a very slow output, but the command cat /dev/urandom produces a very fast output. This is to be expected. However, I noticed on my fresh install of Fedora 20, that they both produce very fast outputs.

Is there a problem with /dev/random on Fedora 20? Why is the output so fast? /dev/random seems to be behaving the same as /dev/urandom, and this is a serious security concern if you rely on /dev/random for producing GPG and SSL keys! Does anybody know why this is in Fedora 20?

edit retag flag offensive close merge delete

Comments

it could be that your machine has a hardware entropy device, and rngd found it in the latest release?

randomuser gravatar imagerandomuser ( 2013-12-31 10:39:13 -0600 )edit

4 Answers

Sort by ยป oldest newest most voted
1

answered 2014-03-21 05:07:42 -0600

jjelen gravatar image

FYI, this is change in kernel v3.13-rc1: http://o.cs.uvic.ca:20810/perl/cid.pl?cid=6265e169cd313d6f3aad3c33d0a5b0d9624f69f5

since Fedora uses this kernel, it is affected. I don't exactly know how it works, but it fills random pool with some extra entropy.

edit flag offensive delete link more
1

answered 2014-01-01 12:55:57 -0600

mattman5 gravatar image

updated 2014-01-01 12:59:00 -0600

I'll explain why it's a security concern. I have NEVER seen /dev/random output that fast before. I measured it output 1.5MB in 5 seconds. That's about 1000 times faster than on other distros. I'm concerned it might be outputting pseudorandom data like /dev/urandom instead of gathering entropy from kernel interrupts, mouse movements, disk activity, etc...

That said, I measured /dev/urandom to output about 80MB in that same 5 seconds. So maybe my concerns are not valid. But /dev/random does still seem suspiciously fast. I have never seen the kernal gather entropy that quickly before. I just hope the GPG keys I generated on this installation of Fedora are safe :/

Can anyone else reproduce this on Fedora 20? just do cat /dev/random > file and let that run for 5 seconds before closing the terminal

edit flag offensive delete link more

Comments

Without a hardware RNG, it couldn't possibly gather entropy that fast.

mattman5 gravatar imagemattman5 ( 2014-01-01 12:57:06 -0600 )edit

I get about 450 bytes after 5 seconds.

catanzaro gravatar imagecatanzaro ( 2014-01-02 17:55:47 -0600 )edit

If you do not have a hardware RNG, then 'systemctl status rngd' should have a failed status. FWIW /dev/urandom is about 100000x faster than /dev/random on my F20 machine.

catanzaro gravatar imagecatanzaro ( 2014-01-02 18:03:15 -0600 )edit

@jjelen - good find, convert to answer please!

randomuser gravatar imagerandomuser ( 2014-04-17 00:16:30 -0600 )edit
1

answered 2014-05-04 02:16:56 -0600

Try catting /proc/cpuinfo. If you use Intel CPU(s) and there's rdrand in flags, the CPU supports hardware random number generator, which is used by the kernel as an entropy source.

edit flag offensive delete link more
0

answered 2013-12-30 23:32:37 -0600

arr gravatar image

Please excuse the n00b question, but why is fast output from /dev/random a security concern?

edit flag offensive delete link more

Comments

it is not about the speed, but people doubt about the quality.

jjelen gravatar imagejjelen ( 2015-11-26 13:31:08 -0600 )edit

Question Tools

3 followers

Stats

Asked: 2013-12-29 20:58:54 -0600

Seen: 1,019 times

Last updated: May 04 '14