4

I'm new to the /dev/random and /dev/urandom pipes in general and have an application calling from /dev/urandom which I'm attempting to inject entropy into. I'd prefer not to change the source for this application, but an additional process calling rngd -r /path/to/file from what I can tell appears to inject entropy into /dev/random and increment the size such that it can unblock.

Now my question is: will rngd -r /path/to/file inject into /dev/urandom in parallel to /dev/random or is it limited to /dev/random?

If the answer is no, is there a similar utility which will inject into /dev/urandom - or even better - prepend bits to it such that the machine's PRNG is bypassed with the random entropy entirely in userland?

CoryG
  • 143
  • 3

1 Answers1

5

On Linux at least, /dev/random and /dev/urandom are basically the same thing; more specifically they are both interfaces to the same internal RNG, called the Linux Random Number Generator (LRNG), that share an input entropy pool; the only difference between them is whether or not they block when the LRNG is at low entropy.

According to the man page for /dev/random:

Writing to /dev/random or /dev/urandom will update the entropy pool with the data written,

On the diagrams below, writing to either device from user space will go into the main input entropy pool that is shared by both output interfaces. (article).

In the current LRNG design, /dev/random/ and /dev/urandom each have their own output entropy pool and entropy counter:

Current Linux RNG design

There is also a 2020 paper by Stephan Müller (the linux kernel dev who maintains the LRNG) that brings /dev/random and /dev/urandom even closer by having them also share the same output pool (source article):

2020 proposal for Linux RNG design

Summary: Yes, rngd is adding entropy to both /dev/random and /dev/urandom.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
  • 1
    Thanks for the great answer. Going to wait a day before accepting in case it turns out to be incorrect but enjoy the upvote in the meantime. – CoryG Apr 17 '20 at 16:26
  • 1
    Actually writing to the dev files will be added to the pool but it does not adjust the estimates which in turn does not unblock. For this reason rngd does use the ioctl() instead, supplying a entropy estimate in addition https://kernel.googlesource.com/pub/scm/utils/kernel/rng-tools/rng-tools/+/870f0d5d2f06d778a49e35d3a5f55183e5c9b9c0/rngd_linux.c#124 – eckes Apr 18 '20 at 00:36
  • The article you linked before the diagram is called "New Approach" and dates 2020. How accurate is the diagram with regards to the _current_ state of the art? – Andrew Savinykh Apr 18 '20 at 04:08
  • @AndrewSavinykh Thanks for pointing that out! I've updated my answer to include both the current design, and Müller's proposal. – Mike Ounsworth Apr 18 '20 at 15:35