CPU random: ubusd: uninitialized urandom read (4 bytes read)

why uninitialized urandom read?

[    6.247708] urandom-seed: Seeding with /etc/urandom.seed
[    6.271517] procd: - early -
[    6.916134] procd: - ubus -
[    6.925933] urandom_read: 4 callbacks suppressed
[    6.925937] random: ubusd: uninitialized urandom read (4 bytes read)
[    6.972441] random: ubusd: uninitialized urandom read (4 bytes read)
[    6.981194] random: ubusd: uninitialized urandom read (4 bytes read)
[    6.990533] procd: - init -
[   99.472205] random: crng init done

The answer is contained in the log data you provided. It seems your embedded device was only powered on about 6 seconds. That doesn't seem to be long enough to initialize the device.

It seems it takes ~99 seconds to initialize your cryptographic random number generator (CRNG).

linux kernel DRNGļ¼ˆDigital Random Number Generatorļ¼‰
@ drivers/char/random.c
for (i = 0; i < LONGS(EXTRACT_SIZE); i++) {
unsigned long v;
if (!arch_get_random_long(&v))
hash.l[i] ^= v;

Can you explain why you posted that code?

These messages are harmless so long as the reads from urandom are not being used to generate long lived cryptographic secrets, such as the ssh host key or a diffie-hellman modulus. Probably they're being used to do something like key a hash table or the like. I'm not sure what ubusd is doing with urandom but I doubt it's generating crypto keys.

1 Like

Found this on a search along with https://github.com/systemd/systemd/issues/4167
dlakelan you seemed to imply there that crypto should use getrandom() but according to https://www.2uo.de/myths-about-urandom/ using urandom is fine.

/dev/urandom is insecure. Always use /dev/random for cryptographic purposes.
Fact: /dev/urandom is the preferred source of cryptographic randomness on UNIX-like systems.
I don't fully understand this just curious if you disagree with that.