Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: regarding the changes to kernel entropy gathering



At Wed, 7 Apr 2021 09:52:29 +0200, Martin Husemann <martin%duskware.de@localhost> wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> On Tue, Apr 06, 2021 at 03:12:45PM -0700, Greg A. Woods wrote:
> > > Isn't it as simple as:
> > >
> > > 	dd bs=32 if=/dev/urandom of=/dev/random
> >
> > No, that still leaves the question of _when_ to run it.  (And, at least
> > at the moment, where to put it.  /etc/rc.local?)
>
> Of course not!
>
> You run it once. Manually. And never again.

Nope, sorry, that's not a good enough answer.  It doesn't solve the
problem of dealing with a lack of mutable storage.

A system _MUST_ be able to be booted and with no user intervention be
able to (eventually) get to the state where /dev/random and getrandom(2)
WILL NOT block, and it _MUST_ be able to do so without the help of any
hardware RNG, and without the ability to store (and read) a seed from a
file or other storage device.

I.e. we _MUST_ be _ABLE_ to choose to use other devices as sources for
entropy, even if they are not perfect.  We had this, it works fine, we
still need it.

--
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgpBpAI0kOqhk.pgp
Description: OpenPGP Digital Signature



Home | Main Index | Thread Index | Old Index