On 20 July 2018 at 05:20, Ken Moffat <[email protected]> wrote:
> On Fri, Jul 20, 2018 at 12:37:46AM +0100, Ken Moffat wrote: > > > > I now contend that generating a random number to use when validating > > DNS responses does not require high-quality randomness, and as > > evidence I refer to the code I posted (taken originally from Open > > BSD, according to its documentation, so I will describe it as > > "paranoid by preference"). It tries to read /dev/random, and only > > falls back to /dev/urandom if the read failed. But the correct > > behaviour of /dev/random *on linux* is to hang forever until the > > kernel determines it can provide the requested entropy. > > > I'm going to investigate this. Starting from a faint hope that I > might get somewhere, I've raised #10964. > > But - > I'm supposed to be stepping back, so "You ain't seen me: right?" > [ © The Fast Show, apparently known as Brilliant in the USA ] > > To the invisible man :-) I seem to remember reading this some time ago:- https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged Maybe you've already read it; I found it useful. Richard
-- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
