On Sat, 2019-09-28 at 17:20 +0800, Paul Wise wrote: > Package: finish-install > Version: 2.56 > Severity: important > Tags: security > Control: found -1 2.81 > Control: found -1 2.100 > Control: found -1 2.101 > > finish-install creates a random seed in the location used by the > urandom init script from the initscripts package. On systemd based > systems, systemd-random-seed.service overrides the urandom init script > but uses a different location for its random seed file. Consequently on > first boot of systemd based systems there is no random seed file so the > amount of entropy available is lower. [...]
This should improve the randomness of /dev/urandom. However, the last time I checked, the systemd service does not change the kernel's entropy accounting. (And there was a small risk of using the seed twice, which would need to be fixed before changing that.) So this does not help with the problem of slow boots due to the kernel not accounting enough entropy. Ben. -- Ben Hutchings Sturgeon's Law: Ninety percent of everything is crap.
signature.asc
Description: This is a digitally signed message part