Question: Does WSL provide decent entropy? (e.g. for generating ssh keys)

[evancox10]

While recognizing the complexities inherent in this topic, I wanted to know if we could get some guidance on what to expect from the entropy sources / random number generators in WSL (/dev/random, /dev/urandom, and the getentropy/getrandom sys calls). Is it mixing in user-generated entropy from the environment? Using hardware-assisted RNG from a CPU (when available)? Or instead, is it doing something boneheaded like seeding the entropy pool with the current time or PID? Or worse, a hard-coded seed?

An example use case would be generating ssh keys. I would like to know whether or not I can expect the randomness used to generate the keys as "good enough" for every day usage. ie No state-level actors or APT malware.

Currently there is no /proc/sys/kernel/random/entropy_avail to check for entropy, but I see in #1092 that a fix is inbound for some parts of /proc/sys/kernel/random, so maybe that will include a working implementation of entropy_avail.

Any implementation details that could be shared would be appreciated too. Thanks!

[fpqc]

@evancox10 /dev/random does not use entropy_avail in userspace in Linux. The Linux kernel blocks when entropy_avail is zero, not the userspace. Pretty sure that in WSL, /dev/random sits on top of the NT Kernel's version of /dev/random (KsecDD).

From Wikipedia:
In Windows NT, similar functionality is delivered by ksecdd.sys, but reading the special file \Device\KsecDD does not work as in UNIX. The documented methods to generate cryptographically random bytes are CryptGenRandom and RtlGenRandom.

[benhillis]

@evancox10 - Great question. We use the BCryptGenRandom API in our driver to generate random bytes for the getrandom syscall as well as /dev/random and /dev/urandom.

[evancox10]

Thanks @benhillis, that answers my question!