On Mon, 18 Sept 2023 at 10:11, Jeff Pohlmeyer <[email protected]> wrote:
>
> On Mon, Sep 18, 2023 at 2:42 AM Roberto A. Foglietta
> <[email protected]> wrote:
>
> > In case the /dev/urandom initialisation is a necessity (or a best
> > practice), does it make sense to add it into busybox as an option or
> > as an application?
>
> If you are able to update to a newer version of busybox, you might
> want to check out the recently added "seedrng" applet, which seems to
> be a well-considered means of addressing this issue.
Hi Jeff, thanks for the answer:

  redfishos:~ # seedrng
  seedrng: can't create directory '/var/lib/seedrng': No such file or directory
  redfishos:~ # mkdir -p /var/lib/seedrng
  redfishos:~ # seedrng
  Saving 2048 bits of creditable seed for next boot

I think that the app could create the directory path if it does not exist.
Moreover, an option to write on stdout would be nice to have.

> You can find a
> (rather lengthy) discussion here:
>
> http://lists.busybox.net/pipermail/busybox/2022-April/089545.html

About this discussion, I have noticed two main points:

1. the RNG can't actually be seeded from a shell script, due to the reliance
   on ioctls and the fact that entropy written into the unprivileged
   /dev/urandom device is not immediately mixed in, making subsequent seed
   reads dangerous.

2. I suppose that the kernel will load the generated file in the standard
   folder at the next boot time without further changes, but I am not sure
   about that. For sure, it will not succeed in my case because rootfs is a
   volatile filesystem, and adding a link to a permanent data partition is not
   a general solution (for this system and at the moment).

IMHO, the best I can do is to seed /dev/urandom by injecting some data and
then retrieve some data from it. I have no clue how much data must be read
from /dev/urandom to be sure that the entropy injected into it will be mixed
as expected. I have created a function that generates more than 2048 bytes
for seeding /dev/urandom and reads 4Kb afterwards, hoping to trigger the mix
of the new entropy.

  udvseed(){ local n=$((33+${RANDOM:-15}%32)) u=/dev/urandom;f(){ dd if=$u bs=$n count=1; };(cd /proc;f;cat cmdline *stat;f;) 2>&1|pigz -$((1+n%9))c >$u; }

I wrote it in a way to be short. In fact, it is 153 bytes, while the seedrng
app in busybox is about 1650. The function and the app are completely
different and it is not a fair comparison.
However, it is not the first time that I noticed that a busybox app can be
easily replaced with a shell script function and this reduces N times the
footprint.

Best regards, R-

_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
