Re: FYI/RFC: early-rng-init-tools

To: Uoti Urpala <uoti.urpala@pp1.inet.fi>
Cc: debian-devel@lists.debian.org
Subject: Re: FYI/RFC: early-rng-init-tools
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 25 Feb 2019 17:58:25 +0000
Message-id: <[🔎] 0d0317cfc876196dd104599ae810a7b203f73f9c.camel@decadent.org.uk>
In-reply-to: <eafb2b0e51e07fc842c20e0faa721428a211f55d.camel@pp1.inet.fi>
References: <eafb2b0e51e07fc842c20e0faa721428a211f55d.camel@pp1.inet.fi>

On Mon, 2019-02-25 at 19:37 +0200, Uoti Urpala wrote:
[...]
> Generally you don't ever
> need to use /dev/random instead of /dev/urandom unless you make
> assumptions about cryptography failing.
[...]

I think I agree with that, but there is no way to add entropy that
unblocks getrandom() without also unblocking /dev/random.  If the seed
files used in two different boots are somewhat correlated, and the
entropy estimation doesn't account for that, the output of /dev/random
may also be somewhat correlated between the boots, which is not
supposed to happen.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption]
would be development of an easy way to factor large prime numbers.
                                                           - Bill Gates

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: FYI/RFC: early-rng-init-tools
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: FYI/RFC: early-rng-init-tools
Next by Date: Re: FYI/RFC: early-rng-init-tools
Previous by thread: Re: FYI/RFC: early-rng-init-tools
Next by thread: Re: FYI/RFC: early-rng-init-tools
Index(es):
- Date
- Thread