Be more conservative about entropy estimates. In particular, instead

of giving /dev/random, EGD, and CryptoAPI a full 8 bits per byte of
entropy, estimate at 6 bits.

In the proc walker, allow more files to be read, read more of any
particular file, and count each bit for 1/10 as much as before.
Reading more of the file seems especially valuable, as some files are
quite random, whereas others are very static, and this should ensure
we read more of the actually unpredictable inputs.

Prefer /dev/random over /dev/urandom

5 files changed, 7 insertions, 7 deletions

diff --git a/src/entropy/cryptoapi_rng/es_capi.cpp b/src/entropy/cryptoapi_rng/es_capi.cpp
index d3d076641..c9069ce65 100644
--- a/src/entropy/cryptoapi_rng/es_capi.cpp
+++ b/src/entropy/cryptoapi_rng/es_capi.cpp
@@ -65,7 +65,7 @@ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum)
 
       if(got)
          {
-         accum.add(&io_buffer[0], io_buffer.size(), 8);
+         accum.add(&io_buffer[0], io_buffer.size(), 6);
          break;
          }
       }
diff --git a/src/entropy/dev_random/dev_random.cpp b/src/entropy/dev_random/dev_random.cpp
index d14ae43ae..c16f48768 100644
--- a/src/entropy/dev_random/dev_random.cpp
+++ b/src/entropy/dev_random/dev_random.cpp
@@ -117,7 +117,7 @@ void Device_EntropySource::poll(Entropy_Accumulator& accum)
 
       if(got)
          {
-         accum.add(&io_buffer[0], got, 8);
+         accum.add(&io_buffer[0], got, 6);
          break;
          }
       }
diff --git a/src/entropy/egd/es_egd.cpp b/src/entropy/egd/es_egd.cpp
index b2b629930..e0ebf9509 100644
--- a/src/entropy/egd/es_egd.cpp
+++ b/src/entropy/egd/es_egd.cpp
@@ -147,7 +147,7 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum)
 
       if(got)
          {
-         accum.add(&io_buffer[0], got, 8);
+         accum.add(&io_buffer[0], got, 6);
          break;
          }
       }
diff --git a/src/entropy/proc_walk/es_ftw.cpp b/src/entropy/proc_walk/es_ftw.cpp
index 5d58f9869..7bf6c3310 100644
--- a/src/entropy/proc_walk/es_ftw.cpp
+++ b/src/entropy/proc_walk/es_ftw.cpp
@@ -127,12 +127,12 @@ FTW_EntropySource::~FTW_EntropySource()
 
 void FTW_EntropySource::poll(Entropy_Accumulator& accum)
    {
-   const size_t MAX_FILES_READ_PER_POLL = 1024;
+   const size_t MAX_FILES_READ_PER_POLL = 2048;
 
    if(!dir)
       dir = new Directory_Walker(path);
 
-   MemoryRegion<byte>& io_buffer = accum.get_io_buffer(128);
+   MemoryRegion<byte>& io_buffer = accum.get_io_buffer(4096);
 
    for(size_t i = 0; i != MAX_FILES_READ_PER_POLL; ++i)
       {
@@ -150,7 +150,7 @@ void FTW_EntropySource::poll(Entropy_Accumulator& accum)
       ::close(fd);
 
       if(got > 0)
-         accum.add(&io_buffer[0], got, .01);
+         accum.add(&io_buffer[0], got, .001);
 
       if(accum.polling_goal_achieved())
          break;
diff --git a/src/libstate/global_rng.cpp b/src/libstate/global_rng.cpp
index a73924213..e9ea530ac 100644
--- a/src/libstate/global_rng.cpp
+++ b/src/libstate/global_rng.cpp
@@ -68,7 +68,7 @@ void add_entropy_sources(RandomNumberGenerator* rng)
 #if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM)
    rng->add_entropy_source(
       new Device_EntropySource(
-         split_on("/dev/urandom:/dev/random:/dev/srandom", ':')
+         split_on("/dev/random:/dev/srandom:/dev/urandom", ':')
          )
       );
 #endif