Web lists-archives.com

Re: FYI/RFC: early-rng-init-tools




On Mon, 2019-02-25 at 19:37 +0200, Uoti Urpala wrote:
[...]
> Generally you don't ever
> need to use /dev/random instead of /dev/urandom unless you make
> assumptions about cryptography failing.
[...]

I think I agree with that, but there is no way to add entropy that
unblocks getrandom() without also unblocking /dev/random.  If the seed
files used in two different boots are somewhat correlated, and the
entropy estimation doesn't account for that, the output of /dev/random
may also be somewhat correlated between the boots, which is not
supposed to happen.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption]
would be development of an easy way to factor large prime numbers.
                                                           - Bill Gates


Attachment: signature.asc
Description: This is a digitally signed message part