The standard version of SSP uses /dev/urandom directly. When a whole system is
built with SSP this tends to consume all the kernel entropy. /dev/erandom is
reccomended [sic] for SSP to conserve kernel entropy.
Frandom stands for "fast random". Erandom stands for "economical random".
They both use the arcfour algorithm
The /dev/erandom device uses the constantly changing state of frandom's pool,
in a read-only mode, for entropy. /dev/erandom consumes no entropy from
/dev/random, and is ideal for applications that want to open the device
thousands of times, such as Stack Smashing Protector.
---
So it seems that if every executable is going to use the GCC SSP feature perhaps /dev/urandom is not the best source for random numbers. It could use /dev/erandom if that device was available. And it seems it would be useful to use for random data overwrites where /dev/urandom is too slow.
More information:
--- www.linuxfromsc ratch.org/ hints/downloads /files/ ssp.txt
http://
The standard version of SSP uses /dev/urandom directly. When a whole system is
built with SSP this tends to consume all the kernel entropy. /dev/erandom is
reccomended [sic] for SSP to conserve kernel entropy.
--- www.linuxfromsc ratch.org/ hints/downloads /files/ entropy. txt
http://
Frandom stands for "fast random". Erandom stands for "economical random".
They both use the arcfour algorithm
The /dev/erandom device uses the constantly changing state of frandom's pool,
in a read-only mode, for entropy. /dev/erandom consumes no entropy from
/dev/random, and is ideal for applications that want to open the device
thousands of times, such as Stack Smashing Protector.
---
So it seems that if every executable is going to use the GCC SSP feature perhaps /dev/urandom is not the best source for random numbers. It could use /dev/erandom if that device was available. And it seems it would be useful to use for random data overwrites where /dev/urandom is too slow.