Linux – How to point /dev/random to /dev/urandom

linux

I have a server that cannot generate enough entropy to support /dev/random. The particular piece of software having problems can't be configured to use /dev/urandom.

I tried moving /dev/random to /dev/realrandom and symlinking /dev/random to /dev/urandom, but lsof /dev/realrandom still shows processes using it.

In Does 'urandom' share the same entropy of 'random'?, the suggestion is to use mknod /dev/random 1 9. Will this hold across restarts? Should I be using udev somehow?

Best Answer

All you need to do is to create something like /etc/udev/rules.d/70-disable-random-entropy-estimation.rules with the following contents:

# /etc/udev/rules.d/70-disable-random-entropy-estimation.rules
# Disables /dev/random entropy estimation (it's mostly snake oil anyway).
#
# udevd will warn that the kernel-provided name 'random' and NAME= 'eerandom'
# disagree.  You can ignore this warning.

# Use /dev/eerandom instead of /dev/random for the entropy-estimating RNG.
KERNEL=="random", NAME="eerandom"

# Remove any existing /dev/random, then create symlink /dev/random pointing to
# /dev/urandom
KERNEL=="urandom", PROGRAM+="/bin/rm -f /dev/random", SYMLINK+="random"

Related Solutions

Linux – Does ‘urandom’ Share the Same Entropy as ‘random’?

At the end of the day, what urandom gives you may well be implementation-specific, but the man page says that it will use the available entropy if it's there, and only fall back to the PRNG when it runs out of entropy. So if you have enough entropy, you should get as good a result as if you'd used random instead.

But, and this is a big but: You have to assume you're getting a purely pseudo-generated value with no genuine entropy at all, because the entropy pool may be empty. Therefore, you have to treat urandom as a PRNG, even though it may do better than that in any given situation. Whether it does is not deterministic (within the confines of your code) and you have to expect that the worst case will apply. After all, if you were sure there's enough entropy in the pool, you'd use random, right? So the act of using urandom means you're okay with a PRNG, and that means a potentially, theoretically crackable result.

Linux – Why does `cat /dev/urandom` break your terminal

While there are your normal, printable ASCII characters that are sent back and forth on a terminal, there are also many unprintable characters that are used for the system to communicate with the terminal. For example, if a program sends the character 0x07 ("ASCII Bell character"), your terminal should beep.

Other special sequences can be used to change the color of text being displayed, which direction it's displayed, the title of the window, the size of the window, etc., among many other things.

When you

cat /dev/urandom

A bunch of random characters are dumped to your terminal, and the terminal can't tell that it's not real control codes.

Because the program is effectively sending random commands to the terminal, the terminal ends up in a random, often unusable state.

Best Answer

Related Solutions

Linux – Does ‘urandom’ Share the Same Entropy as ‘random’?

Linux – Why does `cat /dev/urandom` break your terminal

Related Question