tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: getrandom and getentropy

> Date: Mon, 11 May 2020 17:56:41 -0000 (UTC)
> From: (Michael van Elst)
> (Taylor R Campbell) writes:
> >> Date: Mon, 11 May 2020 16:16:12 -0000 (UTC)
> >> From: (Michael van Elst)
> >> 
> >> Now we put all trust in loading a constant file.
> >This is still false, just like it was the last time you made this
> >claim.
> We only trust a HWRNG and the seed file because only these enter
> a non-zero value for entropy. I cannot configure any other source to
> do that.

The kernel assumes anything written to /dev/random has full entropy,
so you can voluntarily choose to write something to it if you know
something the kernel and driver authors don't.

If you are satisfied with the samples of interrupt timings and
whatnot, you can always persuade the kernel with

dd if=/dev/urandom of=/dev/random bs=32 count=1

> Rebooting after writing a seed once: never blocks again, even when
> the file wouldn't change.

Please see what happens if you try to load a seed file from a
read-only medium.  For example, boot into single-user mode and issue

rndctl -L /var/db/entropy-file

without mounting the root file system read/write first.

And next time, please take concerns about this to the thread that's
_not_ meant to be focussed on a question about public C API choice.

Home | Main Index | Thread Index | Old Index