[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FYI/RFC: early-rng-init-tools

On Mon, 2019-02-25 at 19:37 +0200, Uoti Urpala wrote:
> Generally you don't ever
> need to use /dev/random instead of /dev/urandom unless you make
> assumptions about cryptography failing.

I think I agree with that, but there is no way to add entropy that
unblocks getrandom() without also unblocking /dev/random.  If the seed
files used in two different boots are somewhat correlated, and the
entropy estimation doesn't account for that, the output of /dev/random
may also be somewhat correlated between the boots, which is not
supposed to happen.


Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption]
would be development of an easy way to factor large prime numbers.
                                                           - Bill Gates

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: