Laurent Bercot wrote in
 <em8e7b63c3-f3cb-4896-8b8e-71ec9a785...@a07a6ddf.com>:
 ...
 | The answer to Roberto's first question is: yes, initializing
 |/dev/urandom is necessary, but writing stuff to /dev/urandom will not
 |help, even if you consider that stuff random enough. You need a specific
 |tool like seedrng.

No.

 ...
 | For the second thing: most of the initialization of a system can happen
 |while the seeding of the entropy pool is in progress. However, at some
 |point, you need a good source of randomness, e.g. when starting an sshd
 |server, and you should have a tool that makes sure the entropy pool is
 |full *before* important services start using it to get their random
 |data.
 |
 | seedrng, or rngseed, fill that role. Writing data to /dev/urandom does
 |not. So the answer to Roberto's second question is: no, the provided

Why not?  _Only_ by definition.  The definition is not right.

 |script excerpt is *not* suitable for seeding the entropy pool, no matter
 |how much compression, or even how much hashing, you use.

That .. i agree with.
(I have not really looked i must admit.  This is both truly hairy
and totally "exaggerated", in my opinion, sorry for the bad
English.  I have read OpenBSD's as well as Donenfeld's first as
well as Tso's random stuff in the past.  If anyone wants to know,
in my opinion counting entropy was and is a miracle to me.
NetBSD's CVS HEAD now has a truly sophisticated approach that is
user tunable, insofar: nice!  I myself say: it is best effort,
treat it as "seeded" if stat("/dev/random")->st_blksize (aka
"stat -c %o /dev/random") bytes have been written to "it", uh,
that is a large value!, and mix in "jitterentropy" and interrupts
and what not for sources in the kernel to be unique.)
That VM-fork stuff of Jason Donenfeld is a good thing!
 ...

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
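Added example, not part of the message above and not code from seedrng or BusyBox: on Linux, the distinction the quoted text draws maps to a plain write() to /dev/urandom, which mixes bytes into the pool without crediting any entropy, versus the RNDADDENTROPY ioctl, which mixes and credits and requires CAP_SYS_ADMIN. The function names and the seed bytes are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/random.h>
#include <unistd.h>

/* 1 = kernel RNG initialized, 0 = not yet seeded, -1 = other error. */
int rng_is_initialized(void) {
    unsigned char b;
    if (getrandom(&b, 1, GRND_NONBLOCK) == 1) return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Build the RNDADDENTROPY argument: the seed plus the number of bits the
 * caller vouches for. Hypothetical helper name; caller frees the result. */
struct rand_pool_info *make_credit_request(const void *seed, size_t len, int bits) {
    struct rand_pool_info *req = calloc(1, sizeof(*req) + len);
    if (!req) return NULL;
    req->entropy_count = bits;
    req->buf_size = (int)len;
    memcpy(req->buf, seed, len);
    return req;
}

/* credit_bits > 0: mix and credit via ioctl (needs CAP_SYS_ADMIN).
 * credit_bits == 0: plain write(), mixed in, nothing credited. 0 or -errno. */
int seed_pool(const void *seed, size_t len, int credit_bits) {
    int rc = 0, fd = open("/dev/urandom", O_WRONLY);
    if (fd < 0) return -errno;
    if (credit_bits > 0) {
        struct rand_pool_info *req = make_credit_request(seed, len, credit_bits);
        if (!req) rc = -ENOMEM;
        else if (ioctl(fd, RNDADDENTROPY, req) < 0) rc = -errno;
        free(req);
    } else if (write(fd, seed, len) < 0) rc = -errno;
    close(fd);
    return rc;
}

int main(void) {
    static const char seed[] = "constructed seed, not a secret";
    printf("initialized: %d\n", rng_is_initialized());
    printf("plain write: %d\n", seed_pool(seed, sizeof seed - 1, 0));
    return 0;
}
```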