[Nix-dev] Why is rngd running by default?

Mathijs Kwik mathijs at bluescreen303.nl
Mon Dec 3 08:35:12 CET 2012


Shea Levy <shea at shealevy.com> writes:

> On 11/29/2012 02:00 AM, Mathijs Kwik wrote:
>
>     While at the subject of random number generation, I would like to plug the "frandom" package
>     (+kernel module), as it has been very useful to me. It is available in NixOS through the use of
>     services.frandom.enable = true.
>    
>     It uses the kernel random device but provides an extremely fast /dev/frandom to use from
>     userspace (20x speedup compared to /dev/urandom on my system). This makes it the perfect source
>     for filling up disks before putting some full-disk-encryption on top of. 
>
> Something I've never understood about this technique... Why not just zero out the encrypted block
> device? Won't that make the underlying device look effectively random?

It should indeed.
I'm not a crypto expert at all, but I would think that knowing something
about the data that's encrypted might give some advantage for cracking
it. Also, if you choose to not zero out the full encrypted block
device, but first put some partitions/volumes in it, then zero those,
the fact you have these partitions/volumes might bleed through.

But like you say, it should just suffice. The only reason I do it like
this is because almost every howto states you should do it.

>
>     Failing to do so will make a disk vulnerable to forensic analysis, as untouched/empty spots
>     "shine through", but filling a 3TB disk with /dev/urandom just takes the fun out of your
>     newly-bought disk as it will take more than 3 days. frandom will do so in a matter of hours (for
>     non-ssd disks, disk write speed will be the bottleneck, making a wipe essentially as fast as
>     dd'ing with /dev/zero).
>    
>     I understand rngd is about the opposite functionality (getting random into the kernel instead of
>     out), so this was probably a bit off-topic ;)
>
>     On Thu, Nov 29, 2012 at 1:08 AM, Peter Simons <simons at cryp.to> wrote:
>    
>         Hi Shea,
>        
>          > If your cpu doesn't support RdRand and you don't have either of those
>          > devices, rngd won't get triggered to start (and if it did, it would
>          > fail on startup).
>        
>         ah, I see. I didn't know about the RdRand CPU instruction. Thank you for
>         the explanation.
>        
>         Take care,
>         Peter
>        
>         _______________________________________________
>         nix-dev mailing list
>         nix-dev at lists.science.uu.nl
>         http://lists.science.uu.nl/mailman/listinfo/nix-dev
>

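The "shine through" effect discussed in this thread can be checked on your own disk image with a per-sector entropy scan. The following is an added example, not part of the original messages: the image is constructed in memory, `os.urandom` stands in for ciphertext written through the encrypted mapping, and the 4096-byte sector size and 7.0 bits/byte threshold are assumptions.

```python
import math
import os
from collections import Counter

SECTOR = 4096  # analysis granularity in bytes (assumed; any block size works)


def entropy_bits_per_byte(block: bytes) -> float:
    """Shannon entropy of one block, from 0.0 (constant) to 8.0 (uniform)."""
    total = len(block)
    counts = Counter(block)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def low_entropy_extents(image: bytes, threshold: float = 7.0):
    """Return (first_sector, last_sector) runs whose entropy is below threshold.

    Ciphertext and random fill sit near 8 bits/byte at this block size, so
    anything well below that was never overwritten with either.
    """
    extents, start = [], None
    sectors = len(image) // SECTOR
    for i in range(sectors):
        block = image[i * SECTOR:(i + 1) * SECTOR]
        low = entropy_bits_per_byte(block) < threshold
        if low and start is None:
            start = i
        elif not low and start is not None:
            extents.append((start, i - 1))
            start = None
    if start is not None:
        extents.append((start, sectors - 1))
    return extents


def build_image(prefilled: bool) -> bytes:
    """Constructed 64-sector image: sectors 0-15 and 40-47 hold 'ciphertext'."""
    fill = os.urandom if prefilled else bytes  # bytes(n) yields n zero bytes
    image = bytearray(fill(64 * SECTOR))
    image[0:16 * SECTOR] = os.urandom(16 * SECTOR)
    image[40 * SECTOR:48 * SECTOR] = os.urandom(8 * SECTOR)
    return bytes(image)


if __name__ == "__main__":
    # Without a pre-fill the unused extents are visible; with one, none are.
    print("no pre-fill:", low_entropy_extents(build_image(prefilled=False)))
    print("pre-filled: ", low_entropy_extents(build_image(prefilled=True)))
```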