Dd if=/dev/random is ‘randomly’ bottlenecked with BIG time lags, but I have no idea why

performancerandom

I get wildly different real times when I run the following command.

dd if=/dev/random bs=1k count=1

It doesn' happen for if=/dev/null, nor does it happen for if=/dev/urandom

I've run it 500 times. Here are the general stats (per call). The times are in seconds.

Minimum   Maximum  Average   Median
00.002    89.999   4.50402   2.275

Does anyone have any suggestions about why this may be happening?
The system is Ubuntu 10.04 desktop. Bash version is 4.1.5(1)
It also shows the similar wild fluctuations in a VirtualBox VM running the same version of Ubuntu.

Here is the actual test code

cp /dev/null "$HOME/dd-random.secs" 
for ((i=100;i<=500;i++)); do
    if   ((i<10))  ;then zi="00$i"
    elif ((i<100)) ;then zi="0$i"
    else                 zi="$i"
    fi 
    echo -ne "$zi\t" >>"$HOME/dd-random.secs"
    exec 3>/dev/null 4>/dev/null
        { time { dd if=/dev/random bs=1k count=1; } 1>&3 2>&4; } 2>&1 |tail -n 3|tr 'm\n' '\t' |sed -re "s/([0-9])s/\1/g" >>"$HOME/dd-random.secs" 
    exec 3>&- 4>&-
    echo >>"$HOME/dd-random.secs"
done

Best Answer

That's exactly the difference between /dev/random and /dev/urandom -- random uses the entropy pool, which gathers noise from a bunch of sources and keeps track of "how much" noise is currently in the pool, so random knows how much high-quality randomness it can generate. Since the entropy pool has a finite amount of noise, reading from random might need to block if there isn't enough entropy available. urandom never blocks, but you might get "less random" data from it.

From the random(4) man page:

When read, the /dev/random device will only return random bytes within the estimated number of bits of noise in the entropy pool. /dev/random should be suitable for uses that need very high quality randomness such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered.

A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver.

Related Solutions

Linux dd Command – Why Does dd from /dev/random Give Different File Sizes?

You're observing a combination of the peculiar behavior of dd with the peculiar behavior of Linux's /dev/random. Both, by the way, are rarely the right tool for the job.

Linux's /dev/random returns data sparingly. It is based on the assumption that the entropy in the pseudorandom number generator is extinguished at a very fast rate. Since gathering new entropy is slow, /dev/random typically relinquishes only a few bytes at a time.

dd is an old, cranky program initially intended to operate on tape devices. When you tell it to read one block of 1kB, it attempts to read one block. If the read returns less than 1024 bytes, tough, that's all you get. So dd if=/dev/random bs=1K count=2 makes two read(2) calls. Since it's reading from /dev/random, the two read calls typically return only a few bytes, in varying number depending on the available entropy. See also When is dd suitable for copying data? (or, when are read() and write() partial)

Unless you're designing an OS installer or cloner, you should never use /dev/random under Linux, always /dev/urandom. The urandom man page is somewhat misleading; /dev/urandom is in fact suitable for cryptography, even to generate long-lived keys. The only restriction with /dev/urandom is that it must be supplied with sufficient entropy; Linux distributions normally save the entropy between reboots, so the only time you might not have enough entropy is on a fresh installation. Entropy does not wear off in practical terms. For more information, read Is a rand from /dev/urandom secure for a login key? and Feeding /dev/random entropy pool?.

Most uses of dd are better expressed with tools such as head or tail. If you want 2kB of random bytes, run

head -c 2k </dev/urandom >rand

With older Linux kernels, you could get away with

dd if=/dev/urandom of=rand bs=1k count=2

because /dev/urandom happily returned as many bytes as requested. But this is no longer true since kernel 3.16, it's now limited to 32MB.

In general, when you need to use dd to extract a fixed number of bytes and its input is not coming from a regular file or block device, you need to read byte by byte: dd bs=1 count=2048.

Linux – Why writing to /dev/random does not make parallel reading from /dev/random faster

You can write to /dev/random because it is part of the way to provide extra random bytes to /dev/random, but it is not sufficient, you also have to notify the system that there is additional entropy via an ioctl() call.

I needed the same functionality for testing my smartcard setup program, as I did not want to wait for my mouse/keyboard to generate enough for the several calls to gpg that were made for each test run. What I did is to run the Python program, which follows, in parallel to my tests. It of course should not be used at all for real gpg key generation, as the random string is not random at all (system generated random info will still be interleaved). If you have an external source to set the string for random, then you should be able to have high entropy. You can check the entropy with:

cat /proc/sys/kernel/random/entropy_avail

The program:

#!/usr/bin/env python
# For testing purposes only 
# DO NOT USE THIS, THIS DOES NOT PROVIDE ENTROPY TO /dev/random, JUST BYTES

import fcntl
import time
import struct

RNDADDENTROPY=0x40085203

while True:
    random = "3420348024823049823-984230942049832423l4j2l42j"
    t = struct.pack("ii32s", 8, 32, random)
    with open("/dev/random", mode='wb') as fp:
        # as fp has a method fileno(), you can pass it to ioctl
        res = fcntl.ioctl(fp, RNDADDENTROPY, t)
    time.sleep(0.001)

(Don't forget to kill the program after you are done.)

Best Answer

Related Solutions

Linux dd Command – Why Does dd from /dev/random Give Different File Sizes?

Linux – Why writing to /dev/random does not make parallel reading from /dev/random faster

Related Question