
Re: Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1



On 2018-10-30 21:51, Theodore Y. Ts'o wrote:
> On Tue, Oct 30, 2018 at 07:37:23PM +0100, Kurt Roeckx wrote:
>>
>> So are you saying that the /var/lib/random/seed is untrusted, and
>> should never be used, and we should always wait for fresh entropy?
>>
[...]
> 
> In any case, if Debian wants to ship a program which reads a seed file
> and uses it to initialize the random pool assuming that it's
> trustworthy via the RNDADDENTROPY ioctl, that's not an insane thing to
> do.  My recommendation would be to make it be configurable, however,
> just as whether we trust RDRAND should be trusted (in isolation) to
> initialize the CRNG.

This thread finally prompted me to look into getting systemd to
optionally credit the seed file, and it seems like that might make it in
in some form:

https://github.com/systemd/systemd/pull/10621

Rasmus
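
The configurable crediting discussed in this thread, as an added example that is not part of the original message and is not systemd's or Debian's code: the same seed bytes are passed to RNDADDENTROPY either with or without an entropy credit. MAX_SEED_BYTES, build_seed_request and the command-line convention are assumptions made for the example.

```c
/* Added example: crediting (or not crediting) a seed file via RNDADDENTROPY. */
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define MAX_SEED_BYTES 512  /* assumed cap for this example */

/* Build the ioctl argument. With credit == 0 the bytes are still mixed in,
 * but entropy_count is 0, so the kernel does not count them toward
 * initializing the CRNG (same effect as a plain write to /dev/urandom). */
struct rand_pool_info *build_seed_request(const unsigned char *seed,
                                          size_t len, int credit)
{
    struct rand_pool_info *req;
    if (seed == NULL || len == 0 || len > MAX_SEED_BYTES)
        return NULL;
    req = calloc(1, sizeof(*req) + len);
    if (req == NULL)
        return NULL;
    req->entropy_count = credit ? (int)(len * 8) : 0; /* bits */
    req->buf_size = (int)len;                         /* bytes */
    memcpy(req->buf, seed, len);
    return req;
}

/* usage: prog SEEDFILE [credit]   (needs CAP_SYS_ADMIN) */
int main(int argc, char **argv)
{
    unsigned char seed[MAX_SEED_BYTES];
    struct rand_pool_info *req;
    ssize_t n;
    int in, dev, rc;
    if (argc < 2 || (in = open(argv[1], O_RDONLY)) < 0)
        return 2;
    n = read(in, seed, sizeof(seed));
    close(in);
    req = build_seed_request(seed, n > 0 ? (size_t)n : 0, argc > 2);
    if (req == NULL || (dev = open("/dev/urandom", O_WRONLY)) < 0)
        return 1;
    rc = ioctl(dev, RNDADDENTROPY, req);
    if (rc < 0)
        perror("RNDADDENTROPY");
    close(dev);
    free(req);
    return rc < 0;
}
```

A seed that is credited should be replaced on disk with fresh random data before it is used, so that the same bytes are never credited on two boots.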
