Current-Users archive


Re: regarding the changes to kernel entropy gathering



On Mon, Apr 05, 2021 at 12:51:44AM +0200, Joerg Sonnenberger wrote:
> On Sun, Apr 04, 2021 at 02:16:41PM -0700, Paul Goyette wrote:
> > Perhaps sysinst(8) should ask
> > 
> > 	Do you need a hyper-secure system?
> > 
> > If yes, then leave things as they are today.  But if you answer no,
> > we should automatically copy enough pseudo-entropy bits to /dev/rnd
> > to prevent future blocking.
> 
> For most architectures, sysinst does do exactly that. It assumes that
> you don't just reset or reboot, but properly shut down the system.
> 
> Joerg

Are you sure? AFAIK the estimation is saved inside the entropy file
that gets written on shutdown, and loaded on next boot. If the
estimation was zero, it stays zero, and you get blocking.

Martin had a patch that added a menu to sysinst providing
various options if estimation == 0, but IIRC it was disabled
pending further discussion.

