At Mon, 5 Apr 2021 03:02:42 +0200, Joerg Sonnenberger <joerg%bec.de@localhost> wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> Except that's not what the system is doing. It removes the seed file on
> boot and creates a new one on shutdown.
That's not exactly what the documentation says it does (from rndctl(8)):
-L Load saved entropy from file save-file and overwrite it with a
seed derived by hashing it together with output from /dev/urandom
so that the new seed has at least as much entropy as either the
old seed had or the system already has. If interrupted, either
the old seed or the new seed will be in place.
The code seems to concur.
Also the system re-saves the $random_file via /etc/security
(unconditionally, i.e. always, but only if $random_file is set).
--
Greg A. Woods <gwoods%acm.org@localhost>
Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgpRQt4OqR43a.pgp
Description: OpenPGP Digital Signature