[Discuss] Failing WD Disks
Kent Borg
kentborg at borg.org
Thu May 18 18:13:27 EDT 2023
On 5/18/23 13:03, Kent Borg wrote:
> (Pretty sure /dev/random and /dev/urandom are now exactly the same.)
Nope, I was wrong.
If my quick check is correct, /dev/random and /dev/urandom are still
different: they are now what they always were, but not so broken.
As I understand it, the Linux random number generator has always
produced high quality data*, but its entropy accounting has been bad to
terrible. (And at one point the maintainer-of-the-day was busily turning
off every entropy source he could get his hands on because he didn't
know how much entropy each was worth, therefore it must be bad. Sheesh!)
One important feature: the new code worries about whether the random
number generator has been initialized yet or not.
The advice used to be:
- If you need really, really good random data, and you need a lot of it, you might have to wait a very long while…are you sure /dev/urandom isn't good enough?
- If you merely need really good random data, make sure your pool is initialized and /dev/urandom will be fine.
Testing on my laptop, with a recent-ish kernel, dd-ing 100GB to
/dev/null, they are both the same speed. The new code gets entropy from
interrupts, and I guess there is enough interrupt activity on my machine
to keep the pool happy. A Raspberry Pi 4 doing the same test is
slower than my laptop, but both devices are the same speed on the Pi.
So I think the new advice is:
- Unless you are on some odd embedded device with no network, and not much other interrupt activity, use /dev/random. (Test it, see if it is fast enough for you, if it blocks understand why.)
Reading the new random.c I am disappointed. The old version had
extensive comments explaining how it worked. But these days comments are
out of style. If the code is clear enough to the computer running it, it
should be clear enough to a new programmer trying to understand it. Grrr.
-kb
* "High quality data": Once the pool entropy has been initialized with
good entropy, /dev/urandom has probably always been good enough for any
use. As long as (1) the entropy pool was initialized, and as long as
there was (2) new data regularly added to the entropy, and as long as
(3) some of those bits were good.
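
The "make sure your pool is initialized" and "test it, see if it is fast enough, if it blocks understand why" checks from the message above, as an added example that is not part of the original post. It assumes Linux and Python 3.6+; the 16 MiB sample size and the function names are choices made for this example.

```python
import os
import time

SAMPLE_BYTES = 16 << 20  # 16 MiB per device; sample size chosen for this example

def crng_initialized():
    """True once the kernel RNG is seeded, False if getrandom() would block."""
    try:
        os.getrandom(1, os.GRND_NONBLOCK)  # fails with EAGAIN before the pool is initialized
        return True
    except BlockingIOError:
        return False

def read_random(path, nbytes, chunk=1 << 20):
    """Read nbytes from a random device without ever hanging.

    The device is opened O_NONBLOCK, so a read that would have blocked
    raises BlockingIOError instead of stalling the caller.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        got = 0
        while got < nbytes:
            data = os.read(fd, min(chunk, nbytes - got))  # short reads are normal
            if not data:
                raise OSError("unexpected end of data from " + path)
            got += len(data)
        return got
    finally:
        os.close(fd)

def throughput_mib_s(path, nbytes=SAMPLE_BYTES):
    """MiB/s achieved reading nbytes from path."""
    start = time.perf_counter()
    read_random(path, nbytes)
    return nbytes / (time.perf_counter() - start) / (1 << 20)

def compare(nbytes=SAMPLE_BYTES):
    """Initialization state plus per-device throughput, or 'would block'."""
    results = {"initialized": crng_initialized()}
    for dev in ("/dev/random", "/dev/urandom"):
        try:
            results[dev] = throughput_mib_s(dev, nbytes)
        except BlockingIOError:
            results[dev] = "would block"
    return results

if __name__ == "__main__":
    print(compare())
```

A "would block" result for /dev/random is the case the message says to investigate before relying on that device on a quiet embedded system.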