Bug 832531 - Inappropriate use of /dev/urandom
Summary: Inappropriate use of /dev/urandom
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora Documentation
Classification: Fedora
Component: security-guide
Version: devel
Hardware: All
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: eric
QA Contact: Fedora Docs QA
URL:
Whiteboard:
Depends On:
Blocks: 834463
TreeView+ depends on / blocked
 
Reported: 2012-06-15 16:34 UTC by Richard Ryniker
Modified: 2012-06-21 22:41 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 834463 (view as bug list)
Environment:
Last Closed: 2012-06-21 21:27:22 UTC
Embargoed:


Attachments (Terms of Use)
Small C program to quickly generate large amounts of random data. (1.04 KB, text/plain)
2012-06-15 16:39 UTC, Richard Ryniker
no flags Details
Patch removing dd and adding scrub as a solution. (2.51 KB, patch)
2012-06-15 20:19 UTC, eric
no flags Details | Diff
Patch removing dd and adding scrub as a solution. (2.50 KB, patch)
2012-06-15 20:32 UTC, eric
no flags Details | Diff

Description Richard Ryniker 2012-06-15 16:34:55 UTC
Description of problem:

http://docs.fedoraproject.org/en-US/Fedora/16/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html

advises:

Fill your partition with random data: dd if=/dev/urandom of=/dev/VG00/LV_home This process takes many hours to complete.

According to the man page for urandom, the kernel random number generator (/dev/random and /dev/urandom) is intended to supply a small number of bytes of high-quality random data.  It is far too expensive to use for the massive quantities of data needed to initialize disk partitions before encrypted filesystems are created there.

An appropriate use of /dev/urandom would be to obtain a seed value to use as the argument for the C library srand function, then call the rand function for the large amounts of noise needed to initialize a disk.

With disk capacities of multiple terabytes, /dev/urandom could literally take months to generate the necessary amount of data.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Richard Ryniker 2012-06-15 16:39:38 UTC
Created attachment 592185 [details]
Small C program to quickly generate large amounts of random data.

Comment 2 eric 2012-06-15 16:42:35 UTC
(In reply to comment #1)
> Created attachment 592185 [details]
> Small C program to quickly generate large amounts of random data.

It would be better, IMO, to use commands that are already in Fedora than to create a separate program.  I do agree that we should use something other than urandom, though.

Comment 3 Richard Ryniker 2012-06-15 17:35:43 UTC
(In reply to comment #2)
I agree, but what command?  I thought I could write a suitable program more quickly than I might find one, and wished to illustrate an appropriate use of /dev/urandom.

Perhaps a reader will suggest a good command for this purpose, something like a feature in palimpsest (or some other application already packaged for Fedora) that efficiently performs this function.

The Security Guide should be changed.  That is the purpose of this report.  Until a good idea is developed for what the Security Guide ought to say, my attachment may help users understand and avoid the days or weeks the current instructions may require to complete.

Comment 4 eric 2012-06-15 17:57:54 UTC
(In reply to comment #3)
> The Security Guide should be changed.  That is the purpose of this report. 
> Until a good idea is developed for what the Security Guide ought to say, my
> attachment may help users understand and avoid the days or weeks the current
> instructions may require to complete.

If you package that program you wrote I'll happily add it to the SG.

Comment 5 eric 2012-06-15 19:40:25 UTC
I believe we can use 'scrub' to lay down the random bits.  I'm going to do some addtional research on this and see if this is an acceptable replacement.

Comment 6 eric 2012-06-15 20:19:59 UTC
Created attachment 592223 [details]
Patch removing dd and adding scrub as a solution.

I've created this patch as a recommendation to use scrub instead of dd.

Comment 7 eric 2012-06-15 20:32:07 UTC
Created attachment 592226 [details]
Patch removing dd and adding scrub as a solution.

Fixed a DocBook XML tag.

Comment 8 Richard Ryniker 2012-06-15 21:50:50 UTC
"scrub" should do it.  Thank you.

Comment 9 eric 2012-06-21 21:27:22 UTC
This will be included in the F17 release of the SG.


Note You need to log in before you can comment on or make changes to this bug.