undefined | Better HN

0 pointsamluto3y ago0 comments

> you usually have your userspace PRNG sample getrandom() for some amount of time, after which it is considered initialized.

Who is “you”? Calling getrandom() extra times to get extra bits on the hope that the result is magically better is entirely useless.

0 comments

1 comments · 1 top-level

rogers184453y ago

There is no magic. If entropy got injected in between getrandom() calls you get that entropy - it does not matter if the entropy is cryptographically scrambled and 'merged' into the kernel PRNG state.

All you have to do is 'merge'/'absorb' multiple getrandom() results over some time t into your userspace PRNG, with t big enough to allow for multiple reseeding events by the kernel. You are in effect getting samples of the new entries into the kernel entropy pool indirectly by doing this, sampling too frequently is wasteful however as you are just going to be sampling the kernel CSRPNG with the same entropy in its state most of the time.

Doing the above is actually the only way to properly seed your userspace CSPRNG if your userspace CSPRNG has a state larger than the kernel CSPRNG (kernel's is 512 bits I believe) otherwise you will be working with a 512 bits of entropy as an absolute maximum even if your CSPRNG is capable of holding more, at least until reseeding (both the kernel and the userspace PRNG).

j / k navigate · click thread line to collapse