[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FYI/RFC: early-rng-init-tools

>>>>> "Ben" == Ben Hutchings <ben@decadent.org.uk> writes:

    >> The additional entropy gathered is for extra safety; it is not
    >> *depended* on for basic security assumptions.
    Ben> [...]

    Ben> It is, because the the kernel is told to treat it as providing
    Ben> a certain number of bits of entropy.

I see no problem crediting the secret stored across the reboot with the
entropy in the pool at the time of shutdown.
I agree that the credits for the entropy of the additional information
added may be too high.

I'm skeptical that the actual entropy credits matter much once you have
*enough*, but I agree that the /dev/random interface does depend on
that, and the proposal as described may be violating that assumption.

Reply to: