mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

/dev/random is not necessary in git-annex

Browse source
This commit is contained in:
anarcat 2018-05-17 17:38:41 +00:00 committed by admin
parent fc68caa435
commit fce32e6cd4
1 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
doc/todo/do_not_block_on_crypto_key_generation.mdwn Normal file
View file

@ -0,0 +1,20 @@
While trying to reproduce a [[problem with the gcrypt remote|bugs/gcrypt_repository_not_found]], I found that the `encryption step` can hand on this gpg command:
gpg --batch --no-tty --use-agent --quiet --trust-model always --gen-random --armor 2 512
I think that "depletes the entropy pool", as witnessed by the state of the kernel entropy pool in `/proc/sys/kernel/random/entropy_avail`. As it turns out, `--gen-random 2` reads bytes from `/dev/random` and, indeed, by default that pool is 4096 bits large so the above command completely drains that pool to zero because it creates a 4096 bit (512 bytes * 8) key. It can take several minutes to "refill" the pool, which means batch-creating keys like this can take forever and also have an impact on other components of the system which rely on the kernel random number generator.
Using `/dev/random` in that way is a somewhat controversial practice. Indeed, [some people recommend using urandom for all purposes](https://www.2uo.de/myths-about-urandom/), including secret key material generation.
From what I understand `urandom` and `random` basically use the same entropy source on Linux: the only difference is the latter blocks when it "thinks" it does not have enough entropy. But this (running out of entropy, not "thinking" that we do) basically never happens on Linux systems unless we are on the very first boot after an install. Because it's unlikely that git-annex will run on such an environment, I would discourage the use of `--gen-random 2` in git-annex.
I strangely could not find out *where* exactly gpg is called in that way. All i could find was Util.Gpg.genRandom but that seems to hardcode `--gen-random 1`, not `2`, so I don't exactly know what's going on here. But I'm pretty sure it's git-annex calling it:
anarcat 12745 0.3 0.2 1074098148 36304 pts/6 Sl+ 13:34 0:00 \_ /usr/bin/git-annex initremote encrypted type=gcrypt gitrepo=/home/anarcat/tmp/b keyid=8DC901CE64146C048AD50FBB792152527B75921E
anarcat 12753 0.0 0.0 16028 3652 pts/6 S+ 13:34 0:00 \_ git --git-dir=.git --work-tree=. --literal-pathspecs cat-file --batch
anarcat 12754 0.0 0.0 16028 3308 pts/6 S+ 13:34 0:00 \_ git --git-dir=.git --work-tree=. --literal-pathspecs cat-file --batch-check=%(objectname) %(objecttype) %(objectsize)
anarcat 12756 0.0 0.0 33476 3784 pts/6 SL+ 13:34 0:00 \_ gpg --batch --no-tty --use-agent --quiet --trust-model always --gen-random --armor 2 512
I was hoping this was something git-remote-gcrypt would be doing, but it's not: this is git-annex calling. Maybe some off-by-one conversion error somewhere?
Thank you for your time... -- [[anarcat]]