
Re: FYI/RFC: early-rng-init-tools



Uoti Urpala wrote:

>entropy to be secure. Consider the following scenario:
>
>Daemon

There are no daemons running at that time. This is run in
initramfs, just after the root filesystem has been mounted,
with no background tasks save udev running, and network has
not been set up (unless NFS or dropbear are in use).

Adding bytes at both points sounds doable. I wanted to keep
it simple, no “magic sprinkle”, because people tend to fear
those. I might do that, but I don’t really see an attack
scenario here (see above)… we’re talking about a place in
boot where normally there’s 0 entropy available and / is
mounted read-only anyway.

bye,
//mirabilos
-- 
As long as you don't pull any dirty tricks, and I mean *really*
dirty tricks, like XORing both pointers of a doubly linked list
and storing them in just one word, Boehm works quite
excellently.		-- Andreas Bogk on boehm-gc in d.a.s.r

