tech-kern archive


Re: /dev/random issue



> Date: Thu, 1 Oct 2020 18:30:29 +0200
> From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
> 
> that doesn't explain why the other sources of entropy, which were working
> before, are not working any more.

They are working exactly as well as they did before.  What is
different is that NetBSD is no longer lying to you about how much
entropy it can confidently assert is provided by the source.

See
https://mail-index.NetBSD.org/current-users/2020/05/01/msg038495.html
for more information about the changes in the entropy subsystem since
netbsd-9.

There's a problem with Python which I'll go into in another message.

> > On another machine with working random number generator (nearly
> > all modernish amd64 machines have that) do:
> > 
> > 	dd if=/dev/random of=/tmp/file bs=32 count=1
> > 
> > then scp the file over and dd it into /dev/random:
> > 
> > 	dd if=/tmp/file of=/dev/random bs=32 count=1
> > 
> > This will be preserved across reboots, so it is a one-time only fix.
> 
> OK. But how is it preserved across reboots? Where does the kernel store it?

The one step martin maybe should have added is:

/etc/rc.d/random_seed stop

or

rndctl -S /var/db/entropy-file

This has the effect of writing a seed to disk, and you only need to do
it once.  When the machine next boots up, it will update the seed file
at the same time it loads the seed, so (barring a read-only root file
system) it will be maintained from boot to boot and won't be reused.

/etc/security will also update the seed file on a daily basis so any
entropy gathered during the boot will be periodically saved to disk
even if you don't shut down cleanly.

