Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install

To: Ben Hutchings <ben@decadent.org.uk>
Cc: 736126@bugs.debian.org
Subject: Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
From: Jeffrey Walton <noloader@gmail.com>
Date: Mon, 20 Jan 2014 08:50:22 -0500
Message-id: <[🔎] CAH8yC8koURpPWVtzFDxqsjGJ3k9XmSKgo560sKj_YNMzz=0jzw@mail.gmail.com>
Reply-to: noloader@gmail.com, 736126@bugs.debian.org
In-reply-to: <[🔎] 1390224820.3651.82.camel@deadeye.wl.decadent.org.uk>
References: <20140120092217.GC12357@loar> <CAH8yC8k2wPM6Ukv8MqvLHMrU1ePLrDRkXJLNBsURg8WcD9-aFw@mail.gmail.com> <[🔎] handler.s.B736126.139021022317710.transcript@bugs.debian.org> <[🔎] 1390224820.3651.82.camel@deadeye.wl.decadent.org.uk>

On Mon, Jan 20, 2014 at 8:33 AM, Ben Hutchings <ben@decadent.org.uk> wrote:
> noloader@gmail.com wrote:
>> I installed Debian 7.3 x64 on a Core i5 laptop for some testing (real
>> hardware, not a VM). When testing a program I wrote, I noticed it was
>> not getting the full number of bytes requested from /dev/random:
>>
>>     unsigned char buffer[32];
>>     fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
>>
>>     rc = (int)read(fd, buffer, sizeof(buffer));
>>     assert(rc == sizeof(buffer));
>>
>>     RAND_add(buffer, sizeof(buffer), 1.0f);
>>     OPENSSL_cleanse(buffer, sizeof(buffer));
>>
>> The assert fired on nearly every run, including the first run when no
>> previous calls were made by the test program. The number of bytes
>> returned varied, but they included 7, 12, 16, and 19. That's really
>> bad for a request of 32 bytes, and it would be catastrophic for a
>> request of 128-bytes or 256-bytes for a long term private key.
> [...]
>
> This is catastrophic only if people don't RTFM about read().  Yes, it
> can return a short length.  You must call it again if you want more.
> (This doesn't normally happen with regular files, although it will if
> you specify a length >= (1U << 31).)
The root cause of the failure is the system, not the programmer or
user. Read performed as expected, but the problem was with the device.
The device could not provide a trivial number of bytes at the time of
the request.

Asking the programmer or user to recover from the system's short
comings is simply passing the buck, weakening security, and hurting
users.

To play devil's advocate: how can Debian ensure that bytes are
available under most use cases?

a) provide an entropy gatherer so depletion almost never happens
b) tell the programmer to RTFM and block on the device
c) tell the programmer to RTFM and accept fewer bytes
d) tell the programmer to RTFM and repeatedly call read
e) tell the user to RTFM, audit source code, and reject deficient source code
f) tell the user to RTFM and and install an entropy gatherer so
depletion almost never happens

Which seems like the best choice here?

Jeff

Reply to:

Follow-Ups:
- Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
  - From: Ben Hutchings <ben@decadent.org.uk>

References:
- Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
Next by Date: Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
Previous by thread: Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
Next by thread: Bug#736126: Processed: Re: Bug#736126: /dev/random entropy depletion on a fresh install
Index(es):
- Date
- Thread