This is the mail archive of the
cygwin
mailing list for the Cygwin project.
/dev/random does not block, emits poor entropy
- From: starlight dot 2013z3 at binnacle dot cx
- To: cygwin at cygwin dot com
- Date: Wed, 18 Sep 2013 14:19:10 -0400
- Subject: /dev/random does not block, emits poor entropy
- Authentication-results: sourceware.org; auth=none
Hello,
While poking around TRNG quality I came
across this apparent issue:
/dev/random does not block, emits poor entropy
Running 1.7.17 but see no updates in the
1.7.18 thru 1.7.25 Changelog entries
regarding /dev/random.
Due to 'argp' library issues I could not
compile 'rngtest' under Cygwin. Worked
around it by running
netcat -l -p 8989 172.29.88.18 </dev/random
on the Windows side and
ncat 172.29.88.10 8989 | rngtest -t 10
on the Linux machine. Output looks like
rngtest: FIPS tests speed: (min=389.946; avg=74898.778; max=94811.893)Kibits/s
rngtest: Program run time: 60032020 microseconds
rngtest: bits received from input: 3088523264
rngtest: FIPS 140-2 successes: 154295
rngtest: FIPS 140-2 failures: 131
rngtest: FIPS 140-2(2001-10-10) Monobit: 17
rngtest: FIPS 140-2(2001-10-10) Poker: 15
rngtest: FIPS 140-2(2001-10-10) Runs: 53
rngtest: FIPS 140-2(2001-10-10) Long run: 47
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=393.292; avg=188386.332; max=887784.091)Kibits/s
rngtest: FIPS tests speed: (min=389.946; avg=74949.192; max=94811.893)Kibits/s
rngtest: Program run time: 69528238 microseconds
which I think would qualify as "not great."
Is similar to what I see when running
rngtest -t 10 /dev/urandom
on Linux.
My guess is that the /dev/random driver needs an
adjustment to block when the MS crypto function
calls indicate a lack of available entropy
--assuming that the MS libraries support
entropy qualification of some kind.
I don't subscribe to the list (though I do
look at the archives), so please CC me
on any requests for my input.
Regards
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple