#14937: Tiny chunks of entropy from /dev/urandom when using virtio RNG
------------------------+----------------------------
Reporter: kallisti5 | Owner: nobody
Type: bug | Status: new
Priority: normal | Milestone: Unscheduled
Component: Drivers | Version: R1/Development
Resolution: | Keywords: urandom
Blocked By: | Blocking:
Platform: All |
------------------------+----------------------------
Comment (by pulkomandy):

OpenBSD implementation for reference:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/rnd.c?rev=1.221&content-type=text/x-cvsweb-markup

Key differences:

- Our CSPRNG is Yarrow (it was used by FreeBSD and Apple, they both
switched to Fortuna). OpenBSD uses ChaCha20.
- Our single entropy source is kernel scheduling by calling thread_yield
and reading system_time. OpenBSD uses a mix of previous boot randomness
(stored on disk and reloaded at boot), randomness from the bootloader,
hardware RNG if available, device probing, and interrupt timings.

The architecture is otherwise generally the same. I don't know how it took
so long for Linux to do it as well. Yet again one thing we got right long
before them.

What we need is to connect more entropy sources, and perhaps switching to a
different CSPRNG algorithm. But we already use the correct model in the
default case.

With virtio, however, the way things were done is that we rely completely
on the host to provide randomness. We should change that so virtio is only
an entropy source used to seed our own CSPRNG.
--
Ticket URL: <https://dev.haiku-os.org/ticket/14937#comment:9>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.
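
The model described in the comment above (virtio as one entropy source that seeds a local CSPRNG, instead of a passthrough to the host), as an added example that is not Haiku's or OpenBSD's code. `rng_pool`, `pool_block`, `pool_add_entropy` and `pool_read` are hypothetical names, and the ChaCha20 block function is used here with native-endian words and a zero nonce as a simplified mixer.

```c
#include <stdint.h>
#include <string.h>
/* Added example: rng_pool and pool_* are hypothetical names, not Haiku code. */
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) \
    a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
    a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7)
typedef struct { uint32_t key[8]; uint32_t counter; } rng_pool; /* 256-bit key + block counter */

/* One 20-round ChaCha block keyed by the pool (nonce fixed at zero). */
static void pool_block(rng_pool *p, uint32_t x[16])
{
    uint32_t in[16] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };
    memcpy(&in[4], p->key, sizeof p->key);
    in[12] = p->counter++;
    memcpy(x, in, sizeof in);
    for (int i = 0; i < 10; i++) {
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (int i = 0; i < 16; i++) x[i] += in[i];
}

/* Every source (scheduler jitter, virtio, saved seed): new key = keystream XOR input. */
void pool_add_entropy(rng_pool *p, const uint8_t *data, size_t len)
{
    for (size_t off = 0; off < len; off += 32) {
        uint32_t ks[16];
        size_t n = len - off < 32 ? len - off : 32;
        pool_block(p, ks);
        for (size_t i = 0; i < n; i++) ((uint8_t *)ks)[i] ^= data[off + i];
        memcpy(p->key, ks, sizeof p->key);
    }
}

/* Read path: output comes from the local CSPRNG; first half of each block rekeys. */
void pool_read(rng_pool *p, uint8_t *buf, size_t len)
{
    for (size_t off = 0; off < len; off += 32) {
        uint32_t ks[16];
        size_t n = len - off < 32 ? len - off : 32;
        pool_block(p, ks);
        memcpy(p->key, ks, sizeof p->key);   /* old key is overwritten */
        memcpy(buf + off, &ks[8], n);        /* second half is the output */
    }
}
```

With this structure a virtio driver calls `pool_add_entropy()` with the host's bytes and never hands them to readers directly, so a host that returns constant data to a guest whose pool it does not know still cannot make the guest's output constant.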