I'm facing a problem with dovecot 1.0 test-59; ever since I installed it and use it my random pool is always depleted whenever someone opens an imap connection. This wouldn't be too bad if the machine was used interactively, but since it is not and other services read directly from /dev/random those are sometimes blocked due to dovecot depleting the pool by reading /dev/urandom. Thus my question: is it really necessary to use random numbers from /dev/urandom for temporary filenames? And even if, couldn't it use less? It apparently uses 8 bytes every time. johannes
On Thu, 2004-12-30 at 13:54 +0100, Johannes Berg wrote:> I'm facing a problem with dovecot 1.0 test-59; ever since I installed it > and use it my random pool is always depleted whenever someone opens an > imap connection. This wouldn't be too bad if the machine was used > interactively, but since it is not and other services read directly from > /dev/random those are sometimes blocked due to dovecot depleting the > pool by reading /dev/urandom.I thought /dev/urandom didn't affect /dev/random? Guess I was wrong. Or is this Linux?> Thus my question: is it really necessary to use random numbers from > /dev/urandom for temporary filenames? And even if, couldn't it use less? > It apparently uses 8 bytes every time.I guess I could add random_weak_fill() function which they use, which would basically call just rand(). Other things that use randomness are non-plaintext authentication mechanisms, maybe most importantly APOP, which if enabled reads 16 bytes for every POP3 login even if it's not using APOP. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20041231/878a182a/attachment-0001.bin>
Timo Sirainen wrote:> I thought /dev/urandom didn't affect /dev/random? Guess I was wrong. > Or is this Linux?Yes, it is Linux.>I guess I could add random_weak_fill() function which they use, which >would basically call just rand(). > >I think that'd be enough for temporary files, wouldn't it?>Other things that use randomness are non-plaintext authentication >mechanisms, maybe most importantly APOP, which if enabled reads 16 bytes >for every POP3 login even if it's not using APOP. > >That's ok, it only happens once a while, that is what we have the random pool for. I just think that depleting it for just a few temporary files is a bit overkill (I don't think you really need very good randomness for that) johannes
Timo Sirainen wrote:>I thought /dev/urandom didn't affect /dev/random? Guess I was wrong. Or >is this Linux? > >I just checked the netbsd source code, and afaict the same thing will happen there. http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/rndpool.c?rev=1.17&content-type=text/x-cvsweb-markup rndpool_extract_data is called with mode set to RND_EXTRACT_ANY johannes
Reasonably Related Threads
- [PATCH net-next] vhost_net: do not stall on zerocopy depletion
- [PATCH net-next] vhost_net: do not stall on zerocopy depletion
- Depletion of small p values upon iterative testing of identical normal distributions
- [PATCH net-next] vhost_net: do not stall on zerocopy depletion
- [PATCH net-next] vhost_net: do not stall on zerocopy depletion