Subject: _get_random_bytes() "wastes" entropy
_get_random_bytes() uses read() to fetch random bytes from /dev/urandom. Although read() only stores as many bytes as requested in the destination buffer, it reads the data in chunks of 4 or 8 KiB (check with strace), which is a "waste" of entropy. It would be better to use sysread() instead. Find a patch attached.
Subject: _get_random_bytes.patch
--- CBC.pm.orig Thu Dec 12 12:40:01 2019
+++ CBC.pm Thu Dec 12 12:45:52 2019
@@ -1,5 +1,6 @@
package Crypt::CBC;
+use Errno;
use Digest::MD5 'md5';
use Carp;
use strict;
@@ -455,7 +456,12 @@
my $result;
if (-r RANDOM_DEVICE && open(F,RANDOM_DEVICE)) {
- read(F,$result,$length);
+ binmode F;
+ for (my $size = 0; $size < $length;) {
+ my $n = sysread F, $result, $length - $size, $size;
+ $!{EINTR} and next or die "sysread(): $!" unless defined $n;
+ $size += $n;
+ }
close F;
} else {
$result = pack("C*",map {rand(256)} 1..$length);
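Review bot: the new `for` loop has no exit for a zero return from `sysread`. At end of file `$n` is defined and 0, so `$size += $n` never advances and the loop spins forever. A random device normally does not hit EOF, but nothing in the hunk enforces that for whatever RANDOM_DEVICE points at, so add something like `die "sysread(): unexpected EOF" if $n == 0;` after the `defined` check. The one-liner `$!{EINTR} and next or die "sysread(): $!" unless defined $n;` works only through `and`/`or` precedence and is hard to audit in security-relevant code. An explicit `unless (defined $n) { next if $!{EINTR}; die "sysread(): $!" }` states the intent directly. The `die` path also leaves `F` open, which matters if a caller traps the exception.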