Re: FYI/RFC: early-rng-init-tools

To: debian-devel@lists.debian.org
Subject: Re: FYI/RFC: early-rng-init-tools
From: Michael Stone <mstone@debian.org>
Date: Mon, 25 Feb 2019 11:23:06 -0500
Message-id: <[🔎] 3867c756-3919-11e9-9b6a-00163eeb5320@msgid.mathom.us>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] b1245f2b72ed5745659502a1afcdf8eab4522b74.camel@decadent.org.uk>
References: <[🔎] Pine.BSM.4.64L.1902241918320.19896@herc.mirbsd.org> <[🔎] b1245f2b72ed5745659502a1afcdf8eab4522b74.camel@decadent.org.uk>

On Mon, Feb 25, 2019 at 03:53:09PM +0000, Ben Hutchings wrote:

The major input into the new seed file contents is the old seed file
contents.

Yes, I'd just drop the seed file once used, then have a scheduled jobwrite a new one at some point in the future if the random quality ishigh enough. If you reboot twice in a row the second boot won't getseeded, but that's better than a package that introduces potentiallyinsecure random seeding by default. Maybe add a non-default option toallow seed reuse with a lot of warnings, but don't do it by default.

Reply to:

References:
- FYI/RFC: early-rng-init-tools
  - From: Thorsten Glaser <tg@debian.org>
- Re: FYI/RFC: early-rng-init-tools
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: FYI/RFC: early-rng-init-tools
Next by Date: Bug#923267: ITP: gnome-shell-extension-bluetooth-quick-connect -- GNOME Shell extension to connect paired Bluetooth devices
Previous by thread: Re: FYI/RFC: early-rng-init-tools
Next by thread: Re: FYI/RFC: early-rng-init-tools
Index(es):
- Date
- Thread