Much Ado About Blocking (L30b)
Some Common Criteria schemes accept the Linux kernel’s random number generator as a sufficient entropy source only if the device from which applications request random data blocks those requests until sufficient high-quality entropy is available. In earlier Linux kernel versions, /dev/random was such a blocking device. As of Linux kernel v5.6, /dev/random behaves almost like /dev/urandom in that it no longer blocks application requests at runtime. This is a problem for vendors who need Common Criteria certification under schemes that do not accept non-blocking devices. This presentation discusses the implications of this problem, along with possible solutions and recommendations for both schemes and vendors.
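As an added illustration of the behaviour the abstract describes (this is not code from the presentation), the following C program probes the kernel's random source through the getrandom(2) system call. With GRND_NONBLOCK the call returns -1/EAGAIN instead of blocking while the kernel CRNG is still unseeded; without the flag it blocks only until the CRNG is seeded and never again afterwards, which is the v5.6 semantics that /dev/random now shares. The example assumes Linux with the glibc getrandom() wrapper (sys/random.h, glibc 2.25 or later); the function names crng_ready and fill_random are the example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <sys/random.h>

/* Probe whether the kernel CRNG is seeded, without blocking.
 * Returns 1 if the kernel served the request, 0 if it reported EAGAIN
 * (CRNG not yet initialized), and -1 on any other error. */
int crng_ready(void)
{
    unsigned char probe[16];
    ssize_t n = getrandom(probe, sizeof probe, GRND_NONBLOCK);
    if (n == (ssize_t)sizeof probe)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

/* Fill buf with len random bytes. With flags == 0 the call blocks only
 * until the CRNG is seeded (the post-5.6 behaviour for both /dev/random
 * and /dev/urandom); it never blocks for lack of entropy afterwards.
 * Partial reads and EINTR are handled. Returns 0 on success, -1 on error. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -1;
        }
        got += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];

    int ready = crng_ready();
    printf("CRNG seeded: %s\n",
           ready == 1 ? "yes" : ready == 0 ? "not yet (EAGAIN)" : strerror(errno));

    /* This returns as soon as the CRNG is seeded; on a booted system
     * it does not wait for any entropy estimate, unlike the old /dev/random. */
    if (fill_random(key, sizeof key) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("got %zu bytes from the kernel CRNG\n", sizeof key);
    return 0;
}
```

On a running system crng_ready() reports 1 almost immediately after boot; the only window in which it reports 0 is before the kernel has collected enough boot-time entropy to seed the CRNG. That single boot-time wait is the whole of the blocking guarantee a post-5.6 /dev/random offers, which is the behaviour the certification schemes mentioned above do not consider sufficient.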