If it would be really the same, then /dev/random would be a symlink to /dev/urandom or vice versa.
As already quoted above, the updated manpage it’s still saying:
/dev/random is suitable for applications that need high quality randomness, and can afford indeterminate delays.
And it is up to the kernel to maintain this manpage.
Also also it’s possible to look up the source code on how /dev/random versus /dev/urandom is actually implemented in the Linux kernel. Documented just now:
Dunno. I would need to research attacks in the wild that can do this.
Yes There has been a setting to rate limit the entropy available to the guest. I made use of it in the past and you may be able to access it in the git history log.
Moreover, the quotes from the /dev/random page you’re quoting don’t really give the impression of the improvement I’ve been reading elsewhere. The whole point of the work on the crypto subsystem was to make both of them have functional and security parity and to remove the need for performance limits set by /dev/random.
Then the correct solution would be /dev/random + rate limits.
All the write-ups are smoke and mirrors, secondary. The source code is the primary source of truth and clearly shows different code paths for /dev/random and /dev/urandom.
The git commit is not so important as long as the rationale back then is known. Because I think it would be good to re-add the rate limit, which I am about to do.
My rationale for removing /dev/random + rate limit is that it was under the assumption that Linux upstream fixed the problems of safely seeding urandom on startup and its non-blocking nature made entropy plentiful and readily available that I didn’t think could be practically exhausted unlike the blocking /dev/random interface.
Also I noticed new VMs configs had switched out random for urandom.
What is the expected result: There should not be any noticeable differences. At worst the XML would be invalid and the VMs no longer starting. Unlikely but better to test this now than noticing it after the next release.
These comments might be lost after importing (virsh define) the VMs, which is non-ideal. However, even if we could just comment better the XML files that would be helpful.
Since we have 4 VM XM files (which are Kicksecure.xml Whonix-Gateway.xml Whonix-Workstation.xml Whonix-Custom-Workstation.xml), I was wondering if we should either copy/paste the same comments that apply to all VM’s XML files or limit the comments to 1 file (such as Kicksecure.xml).
Another option would be to have a XML file template and generate the other XML files based on it. But that could be more difficult to understand. So not using that.
What kind of comments need adding? For instance, consider this setting:
<memballoon model='none'/>
Why is memory ballooning disabled? Seems to be a nice feature that a VM only uses as much RAM as it needs and gives unneeded RAM back to the host. The reason is documented here: Dev/KVM, memory balloon
I would guess it’s an opinion based on secondary write-ups, not based on reading the actual kernel source code.
We’ll comment there as well to point that out.
Before trying to make the point by showing to anyone who writes a short comment, please try reading the actual kernel source code. There’s no need to to really understand what’s happening there but it’s obvious that it’s not the same thing.
Falling short of reading the source code, try looking at random.c kernel source code to just read the source code comments might suffice as well.
Reading from /dev/random has the same functionality as calling
getrandom(2) with flags=0.
Reading from /dev/urandom has the same functionality as calling
getrandom(2) with flags=GRND_INSECURE. Because it does not block
waiting for the RNG to be ready, it should not be used.