Laurent Bercot wrote in
<[email protected]>:
...
| The answer to Roberto's first question is: yes, initializing
|/dev/urandom is necessary, but writing stuff to /dev/urandom will not
|help, even if you consider that stuff random enough. You need a specific
|tool like seedrng.
No.
...
| For the second thing: most of the initialization of a system can happen
|while the seeding of the entropy pool is in progress. However, at some
|point, you need a good source of randomness, e.g. when starting an sshd
|server, and you should have a tool that makes sure the entropy pool is
|full *before* important services start using it to get their random
|data.
|
| seedrng, or rngseed, fill that role. Writing data to /dev/urandom does
|not. So the answer to Roberto's second question is: no, the provided
Why not? _Only_ by definition. The definition is not right.
|script excerpt is *not* suitable for seeding the entropy pool, no matter
|how much compression, or even how much hashing, you use.
That .. I agree with. (I have not really looked, I must admit.
This is both truly hairy and totally "exaggerated", in my opinion,
sorry for the bad English. I have read OpenBSD's as well as
Donenfeld's first as well as Tso's random stuff in the past. If
anyone wants to know, in my opinion counting entropy was and is
a miracle to me. NetBSD's CVS HEAD now has a truly sophisticated
approach that is user tunable, insofar: nice! I myself say: it
is best effort, treat it as "seeded" if
stat("/dev/random")->st_blksize (aka "stat -c %o /dev/random")
bytes have been written to "it", uh, that is a large value!, and
mix in "jitterentropy" and interrupts and what not for sources in
the kernel to be unique.)
That VM-fork stuff of Jason Donenfeld is a good thing!
...
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
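
The distinction argued over in the message above, between writing seed bytes to /dev/urandom and crediting them to the entropy pool, shown as an added C example (not code from the thread or from seedrng): on Linux, write() only mixes the bytes in, while the RNDADDENTROPY ioctl mixes them in and credits entropy, and is restricted to CAP_SYS_ADMIN. The helper names, the 512-byte limit and the seed-file argument are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */

/* Build the RNDADDENTROPY argument (header + seed bytes). Caller frees. */
static struct rand_pool_info *make_req(const unsigned char *seed, size_t len, int bits)
{
    if (len == 0 || len > 512 || bits < 0 || (size_t)bits > len * 8)
        return NULL;                   /* never credit more bits than supplied */
    struct rand_pool_info *req = calloc(1, sizeof *req + len);
    if (!req) return NULL;
    req->entropy_count = bits;         /* bits the kernel is asked to credit */
    req->buf_size = (int)len;          /* number of bytes that follow in buf[] */
    memcpy(req->buf, seed, len);
    return req;
}

/* Mix only: any user may write(); the pool is stirred, nothing is credited. */
static int seed_mix_only(int fd, const unsigned char *seed, size_t len)
{
    return write(fd, seed, len) == (ssize_t)len ? 0 : -1;
}

/* Mix and credit: needs CAP_SYS_ADMIN, fails with EPERM otherwise. */
static int seed_and_credit(int fd, const unsigned char *seed, size_t len, int bits)
{
    struct rand_pool_info *req = make_req(seed, len, bits);
    if (!req) { errno = EINVAL; return -1; }
    int rc = ioctl(fd, RNDADDENTROPY, req), saved = errno;
    free(req); errno = saved;          /* keep the ioctl's errno for the caller */
    return rc;
}

/* Hypothetical usage: prog SEEDFILE [credit]; credit only a secret, unused seed. */
int main(int argc, char **argv)
{
    unsigned char seed[32];
    int fd = open("/dev/urandom", O_WRONLY);
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (fd < 0 || !f || fread(seed, 1, sizeof seed, f) != sizeof seed) return 1;
    int rc = argc > 2 ? seed_and_credit(fd, seed, sizeof seed, 256)
                      : seed_mix_only(fd, seed, sizeof seed);
    if (rc < 0) perror("seeding");
    return rc < 0;
}
```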