[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: regarding the changes to kernel entropy gathering
On Mon, Apr 05, 2021 at 02:13:31PM -0700, Greg A. Woods wrote:
> At Mon, 5 Apr 2021 15:37:49 -0400, Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> Subject: Re: regarding the changes to kernel entropy gathering
> > On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote:
> > >
> > > BTW, to me reusing the same entropy on every reboot seems less secure.
> > Sure. But that's not what the code actually does.
> > Please, read the code in more depth (or in this case, breadth), then argue
> > about it.
> Sorry, I was eluding to the idea of sticking the following in
> /etc/rc.local as the brain-dead way to work around the problem:
> echo -n "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" > /dev/random
> However I have not yet read and understood enough of the code to know
> dd if=/dev/urandom of=/dev/random bs=32 count=1
It's no better. But what you're missing is that neither does what you
think. When rndctl -L runs after the system comes up multiuser, all
entropy samples that have been added (which are in the per-cpu pools)
are propagated to the global pool. Every stream RNG on the system then
rekeys itself - they are _not_ just using the entropy from the seed on
disk. Even if nothing does so earlier, when rndctl -S runs as the system
shuts down, again all entropy samples that have been added (which, again,
are accumulating in the per-cpu pools) are propagated to the global pool;
all the stream RNGs rekey themselves again; then the seed is extracted.
It is neither the case that samples added with a 0 entropy estimate go
nowhere, nor that they do not add entropy to the seed file such that it
is _not_ "reusing the same entropy on every boot".
If you'd like to propagate samples from the per-CPU pool to the global
pool and force the stream generators to rekey more often, you can
sysctl -w kern.entropy.consolidate=1 from cron.
Main Index |
Thread Index |