/dev/random vs. /dev/urandom and the krb5 test suite

Sam Hartman hartmans at MIT.EDU
Mon Jun 22 16:51:43 EDT 2009

>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> * There isn't much operational reason why you'd want to
    Greg> suppress the use of /dev/random in favor of /dev/urandom for
    Greg> all keys.  There was one report (from iastate) of a case
    Greg> where a server was so random-starved as to be unable to
    Greg> start kadmind, but using /dev/urandom in that case would be
    Greg> dangerous because the amount of entropy present might be so
    Greg> low as to be attackable.  So we are talking purely about an
    Greg> option to be used to make the test suite friendlier to hosts
    Greg> with limited amounts of /dev/random entropy.

It turns out we've seen this in a number of cases in Debian.  It's
generally acceptable to hold off starting up kadmind until the entropy
pool fills.  However it's generally not acceptable to Debian's users
to block the system initialization process until that happens.

The problem was fixed by seeding the PRNG from /dev/random after
kadmind forks.  I believe that was pushed upstream.

More information about the krbdev mailing list