Rapid depletion of entropy pool
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
I was noticing that on several of my servers the available entropy has been exceedingly low for the last 6-7 months. My guess is this problem began with Ubuntu 9.10 and continues in Ubuntu 10.04. I came across some useful information here:
http://
And I confirmed that running:
watch cat /proc/sys/
will rapidly deplete the entropy pool. But running the python script:
import sys, time
while True:
sys.stdout.
time.sleep(1)
will not rapidly deplete the entropy pool. This seems to support the hypothesis that entropy is being drained with each launch of a process which has been linked to the glibc randomized stack protector. Some information about that can be found here:
http://
As many people who have run virtual servers can attest, low entropy on a server can cause a number of difficult to diagnose performance problems as processes block trying to access /dev/random. Low entropy may also lead to a reduction in security for various cryptographic services.
I'm not an expert in these matters and have limited ability to test as many of my servers are running older versions but it does appear that those older versions do not have this behavior. This could also be a kernel issue but I thought I would start here and see if others can replicate this problem and help in diagnosing the issue.
security vulnerability: | yes → no |
visibility: | private → public |
Changed in glibc (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Wishlist |
affects: | glibc (Ubuntu) → linux (Ubuntu) |
Changed in linux (Ubuntu): | |
importance: | Wishlist → Undecided |
importance: | Undecided → Wishlist |
Changed in linux (Ubuntu): | |
status: | Invalid → Confirmed |
More information:
--- www.linuxfromsc ratch.org/ hints/downloads /files/ ssp.txt
http://
The standard version of SSP uses /dev/urandom directly. When a whole system is
built with SSP this tends to consume all the kernel entropy. /dev/erandom is
reccomended [sic] for SSP to conserve kernel entropy.
--- www.linuxfromsc ratch.org/ hints/downloads /files/ entropy. txt
http://
Frandom stands for "fast random". Erandom stands for "economical random".
They both use the arcfour algorithm
The /dev/erandom device uses the constantly changing state of frandom's pool,
in a read-only mode, for entropy. /dev/erandom consumes no entropy from
/dev/random, and is ideal for applications that want to open the device
thousands of times, such as Stack Smashing Protector.
---
So it seems that if every executable is going to use the GCC SSP feature perhaps /dev/urandom is not the best source for random numbers. It could use /dev/erandom if that device was available. And it seems it would be useful to use for random data overwrites where /dev/urandom is too slow.