tech-kern archive


Re: regarding the changes to kernel entropy gathering



At Mon, 5 Apr 2021 03:02:42 +0200, Joerg Sonnenberger <joerg%bec.de@localhost> wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> Except that's not what the system is doing. It removes the seed file on
> boot and creates a new one on shutdown.

That's not exactly what the documentation says it does (from rndctl(8)):

    -L      Load saved entropy from file save-file and overwrite it with a
            seed derived by hashing it together with output from /dev/urandom
            so that the new seed has at least as much entropy as either the
            old seed had or the system already has.  If interrupted, either
            the old seed or the new seed will be in place.

The code seems to concur.

Also the system re-saves the $random_file via /etc/security
(unconditionally, i.e. always, but only if $random_file is set).

--
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>
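
Added example, not part of the original message and not rndctl's code: a sketch of the behaviour the quoted rndctl(8) text describes, where the saved seed is hashed together with fresh random output and the file is replaced atomically so that an interruption leaves either the old seed or the new one. SHA-256, the 32-byte length, the name `refresh_seed` and the flat file layout are assumptions; the real seed file format and the step that feeds the old seed into the kernel pool are omitted.

```python
import hashlib
import os
import tempfile

SEED_LEN = 32  # assumption: SHA-256 digest size, not rndctl's on-disk format


def refresh_seed(path, fresh=None):
    """Load the saved seed, overwrite it with H(old || fresh), return (old, new)."""
    with open(path, "rb") as f:
        old = f.read()
    if fresh is None:
        fresh = os.urandom(SEED_LEN)  # stands in for output from /dev/urandom

    # Hashing both inputs together: the new seed is unpredictable if either
    # the old seed or the system's current output is unpredictable.
    new = hashlib.sha256(old + fresh).digest()

    # Write the new seed to a temporary file in the same directory, flush it
    # to disk, then rename over the old one. rename is atomic, so a crash at
    # any point leaves either the complete old seed or the complete new seed.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".seed-")  # mode 0600
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(new)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise

    # Persist the rename itself by syncing the containing directory.
    dfd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dfd)
    finally:
        os.close(dfd)
    return old, new


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        seed_path = os.path.join(d, "entropy-file")  # constructed sample path
        with open(seed_path, "wb") as f:
            f.write(b"constructed old seed")  # constructed sample seed
        old, new = refresh_seed(seed_path)
        print("old:", old.hex(), "new:", new.hex())
```

The old seed is returned only after the replacement is on disk, so a caller that credits it to the pool never leaves a seed on disk that could be loaded a second time.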
