
Re: FYI/RFC: early-rng-init-tools
Ben Hutchings writes ("Re: FYI/RFC: early-rng-init-tools"):
> On Mon, 2019-02-25 at 19:37 +0200, Uoti Urpala wrote:
> > Generally you don't ever
> > need to use /dev/random instead of /dev/urandom unless you make
> > assumptions about cryptography failing.
> 
> I think I agree with that, but there is no way to add entropy that
> unblocks getrandom() without also unblocking /dev/random.  If the seed
> files used in two different boots are somewhat correlated, and the
> entropy estimation doesn't account for that, the output of /dev/random
> may also be somewhat correlated between the boots, which is not
> supposed to happen.

I'm not sure what you mean by `somewhat correlated'.

Assuming that the random seed file is not copied, there is no weakness
in copying entropy out of the kernel random pool and reinserting it on
next boot, assuming that either (i) the entropy estimate provided on
next boot is no bigger than the kernel's entropy counter at shutdown
OR (ii) the kernel's PRNG was at any time properly seeded so that
/dev/random unblocked.

Ian.

-- 
Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
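Ian's condition (i) above, shown as an added example rather than code from the thread or from early-rng-init-tools: at shutdown the tool records the kernel's own entropy counter (RNDGETENTCNT) next to the seed, and at boot it reinserts the seed with RNDADDENTROPY, crediting at most that recorded figure (and never more bits than the seed holds). Plain write() to /dev/urandom would mix the bytes in without raising the counter, which is why a tool that wants to unblock getrandom() has to use the ioctl, and why, as Ben notes, /dev/random unblocks at the same time. Function names and the idea of storing the counter beside the seed are assumptions made for this example; RNDADDENTROPY needs CAP_SYS_ADMIN.

```c
#include <fcntl.h>
#include <linux/random.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Shutdown side: the kernel's current entropy estimate, in bits, to be
 * stored alongside the seed file. Returns -1 if it cannot be read. */
int current_entropy_bits(void)
{
    int fd = open("/dev/random", O_RDONLY), bits = -1;
    if (fd < 0) return -1;
    if (ioctl(fd, RNDGETENTCNT, &bits) != 0) bits = -1;
    close(fd);
    return bits;
}

/* Condition (i): credit no more than the counter said at shutdown and no
 * more than the seed itself contains. A missing/negative record credits 0,
 * i.e. the seed is still mixed in but counts for nothing. */
int reseed_credit_bits(int saved_entropy_bits, size_t seed_len)
{
    int seed_bits = (int)(seed_len * 8);
    if (saved_entropy_bits < 0) saved_entropy_bits = 0;
    return saved_entropy_bits < seed_bits ? saved_entropy_bits : seed_bits;
}

/* Build the RNDADDENTROPY argument: rand_pool_info header + seed bytes.
 * entropy_count is in bits, buf_size in bytes. Caller frees the result. */
struct rand_pool_info *build_pool_info(const unsigned char *seed,
                                       size_t seed_len, int credit_bits)
{
    struct rand_pool_info *info = malloc(sizeof *info + seed_len);
    if (!info) return NULL;
    info->entropy_count = credit_bits;
    info->buf_size = (int)seed_len;
    memcpy(info->buf, seed, seed_len);
    return info;
}

/* Boot side: mix the saved seed back in and credit it. Returns 0 on success. */
int reseed_kernel(const unsigned char *seed, size_t seed_len, int saved_entropy_bits)
{
    struct rand_pool_info *info =
        build_pool_info(seed, seed_len, reseed_credit_bits(saved_entropy_bits, seed_len));
    if (!info) return -1;
    int fd = open("/dev/random", O_WRONLY), rc = -1;
    if (fd >= 0) { rc = ioctl(fd, RNDADDENTROPY, info); close(fd); }
    free(info);
    return rc;
}
```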