Subject: Re: add rnd(4) to install floppy
To: Jun-ichiro itojun Hagino <>
From: David Laight <>
List: tech-security
Date: 09/05/2003 12:35:06
> 	well, then, we should probably put some code into sysinst that warns
> 	user like "password entries are created with weak random number, you
> 	will not want to configure root password during this installation
> 	session" for kernels without rnd(4).

Or just install a small cheap cryptographically secure random number
generator into the kernel, and access it though a cheap interface.

After all once 64bits of 'randomness' have got themselves included
the output is random enough.  You can't actually lose entropy!

This big difficulty is seeding it - especially on systems with semiconductor
disks, and those without cycle counters.

If (and you don't have to) you used a rc4 based system, you could just
stir in any byte value that might be random and any time.  Provided the
value isn't based on the state of the gererator itself it can do no harm.
Getting some randomness from the boot code might also help.