summary refs log tree commit diff
path: root/doc/s6-fillurandompool.html
blob: c07b0f474f8edf2775486fabe72d4da6b9994e11 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta http-equiv="Content-Language" content="en" />
    <title>s6-linux-utils: the s6-fillurandompool program</title>
    <meta name="Description" content="s6-linux-utils: the s6-fillurandompool program" />
    <meta name="Keywords" content="s6 linux administration root utilities random urandom /dev/urandom entropy pool getrandom getentropy" />
    <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> -->
  </head>
<body>

<p>
<a href="index.html">s6-linux-utils</a><br />
<a href="//skarnet.org/software/">Software</a><br />
<a href="//skarnet.org/">skarnet.org</a>
</p>

<h1> The <tt>s6-fillurandompool</tt> program </h1>

<p>
<tt>s6-fillurandompool</tt> blocks until the machine's
<tt>/dev/urandom</tt> entropy pool is filled up. Then it exits.
</p>

<h2> Interface </h2>

<pre>
     s6-fillurandompool
</pre>

<h2> Rationale </h2>

<p>
 For some reason, Linux has <em>two</em> separate entropy pools: one for
<tt>/dev/random</tt> and one for <tt>/dev/urandom</tt>.
</p>

<p>
 Reading from <tt>/dev/random</tt> blocks when its entropy pool is
not full enough, so it will never return weak random data. (Reading
from <tt>/dev/random</tt> is overkill anyway, and
<a href="https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/">you
should not be doing it.</a>)
</p>

<p>
 However, reading from <tt>/dev/urandom</tt> (which
<a href="https://www.2uo.de/myths-about-urandom/">you should be doing</a>)
will not block, even though the entropy pool may not have been
initialized yet. That's the only insecure thing about it: at boot time,
<tt>/dev/urandom</tt> may return weak random data, until its entropy
pool has filled up.
</p>

<p>
 <tt>s6-fillurandompool</tt> is meant to address this issue. Call it once
early on in your boot scripts, before you need any serious random data;
when it exits, the <tt>/dev/urandom</tt> pool has been properly initialized,
and it is now safe to read from <tt>/dev/urandom</tt> every time you need
random data, until the machine shuts down.
</p>

<h2> Notes </h2>

<ul>
 <li> <tt>s6-fillurandompool</tt> will only work on a Linux kernel version
3.17 or later: this is when the
<a href="https://man7.org/linux/man-pages/man2/getrandom.2.html"><tt>getrandom()</tt></a>
system call, which it internally uses, has been implemented. </li>
</ul>

</body>
</html>