Port-xen archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: regarding the changes to kernel entropy gathering



At Mon, 5 Apr 2021 15:37:49 -0400, Thor Lancelot Simon <tls%panix.com@localhost> wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote:
> >
> > BTW, to me reusing the same entropy on every reboot seems less secure.
>
> Sure.  But that's not what the code actually does.
>
> Please, read the code in more depth (or in this case, breadth), then argue
> about it.

Sorry, I was eluding to the idea of sticking the following in
/etc/rc.local as the brain-dead way to work around the problem:

	echo -n "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" > /dev/random

However I have not yet read and understood enough of the code to know
if:

	dd if=/dev/urandom of=/dev/random bs=32 count=1

is any more "secure" -- I'm guessing (hoping?) it depends on exactly
when this might be run, and also depends on which, if any, other device
sources are enabled for "collecting".  If in some rare case none were
enabled, or if it were run before any were able to "stir the pool", then
I'm guessing it would be no more secure than writing a fixed string.

--
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgpO_wgbNUCvB.pgp
Description: OpenPGP Digital Signature



Home | Main Index | Thread Index | Old Index