tech-kern archive


Re: regarding the changes to kernel entropy gathering



Thanks - that is useful information.

I think the big point is that the new seed file is generated from
urandom, not from the internal state, so the new seed doesn't leak
internal state.  The "save entropy" language didn't allow me to conclude
that.

Also, your explanation is about updating, but it doesn't address
generation of a file for the first time.  Presumably that just takes
urandom without the old seed that isn't there and doesn't overwrite the
old seed that isn't there.

Interestingly, I have a machine running current, running as a dom0
sometimes, and haven't had problems.  I now realize that's only because
the machine had a seed file created under either 7 or 9 (installed 7,
updated to 9, updated to current).  So it has trusted, untrustworthy
entropy (even though surely after all this time some of it must have
been unobserved).
