On Mon, Feb 20, 2012 at 7:07 AM, Ben Laurie <[email protected]> wrote:
> In FreeBSD random (and hence urandom) blocks at startup, but never again.

So, not exactly a terribly wrong thing to do, eh? ;)

What OSes have parallelized rc script/whatever nowadays? Quite a few, it seems (several Linux distros, MacOS X, Solaris, maybe some BSDs?). It seems to me that it should be quite safe to arrange for either a) services that depend on /dev/urandom to not start until after [that is, to depend on a service that does] proper seeding of it, or b) /dev/urandom to block, but only early in boot, until properly seeded.

This is precisely why looking after the whole system is important; a holistic view of the system will lead the developers to ensure that there is enough entropy before any services (or user programs) run that might need it. And since user programs are outside the control of the init process, it seems that (b) is the safer approach.

> One thing I'd really like to know is whether it would have ever
> unblocked on these devices - and if it does, whether it ends up with
> good entropy...

But devices like that really should have a) a factory seed (different on each device, and obtained from a CSRNG), b) a clock and/or stable storage for a counter so that it is possible to ensure distinct PRNG state after each boot.

There are other cases where we may not be able to rely on a factory seed, such as VMs and laptops. (Well, at least for pre-built VM images one could treat them like embedded devices and embed a per-image seed...)

Nico

--
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
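The factory-seed-plus-persistent-counter scheme Nico sketches for embedded devices, as an added illustration that is not part of the thread: the seed for each boot is HMAC-SHA256 of a per-device factory seed over a boot counter that is incremented and committed to stable storage before it is used. The factory seed value, the file-backed counter, and the function names are constructed for this example; a real device would keep the counter in flash or an RTC and mix in any entropy it later gathers.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed per-device factory seed (in practice written at manufacture from a CSRNG).
FACTORY_SEED = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def derive_boot_seed(factory_seed: bytes, boot_counter: int, extra: bytes = b"") -> bytes:
    """Seed for one boot: HMAC-SHA256(factory_seed, label || counter || extra).

    Distinct counters give unrelated seeds; a repeated counter repeats the seed,
    which is exactly what goes wrong on a device with no stable storage.
    """
    if boot_counter < 0:
        raise ValueError("boot counter must be non-negative")
    msg = b"prng-boot-seed" + boot_counter.to_bytes(8, "big") + extra
    return hmac.new(factory_seed, msg, hashlib.sha256).digest()


def bump_boot_counter(path: str) -> int:
    """Read, increment and durably commit the counter, then return the new value.

    The new value hits stable storage (fsync + atomic rename) before any seed is
    derived from it, so a crash right after this cannot replay the same counter.
    """
    try:
        with open(path, "rb") as f:
            current = int.from_bytes(f.read(8) or b"\0" * 8, "big")
    except FileNotFoundError:
        current = 0
    new = current + 1
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(new.to_bytes(8, "big"))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)
    return new


def simulate_boots(n: int, factory_seed: bytes = FACTORY_SEED) -> list:
    """Simulate n boots of one device sharing a counter file; returns each boot's seed."""
    path = os.path.join(tempfile.mkdtemp(), "boot_counter")
    return [derive_boot_seed(factory_seed, bump_boot_counter(path)) for _ in range(n)]


if __name__ == "__main__":
    for i, seed in enumerate(simulate_boots(3), start=1):
        print(f"boot {i}: seed {seed.hex()[:16]}...")
```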
