Thanks - that is useful information. I think the big point is that the new seed file is generated from urandom, not from the internal state, so the new seed doesn't leaak internal state. The "save entropy" language didn't allow me to conclude that. Also, your explanation is about updating, but it doesn't address generation of a file for the first time. Presumably that just takes urandom without the old seed that isn't there and doesn't overwrite the old seed that isnt' there. Interestingly, I have a machine running current, running as a dom0 sometimes, and haven't had problems. I now realize that's only because the machine had a seed file created under either 7 or 9 (installed 7, updated to 9, updated to current). So it has trusted, untrustworthy entropy (even though surely after all this time some of it must have been unobserved).
Description: PGP signature