On 17.12.18 at 13:52, Stefan Fritsch wrote:
> On Mon, 17 Dec 2018, Michael Biebl wrote:
>>> It turns out there was a similar bug against openssh which was closed as
>>> wontfix [1]. I don't see how apache can do anything about this, either.
>>
>> There is. Don't request high-quality randomness during boot unless you
>> explicitly need it.
>
> That's utterly wrong. We do crypto and need high-quality randomness. There
> can be no discussion about this. The system needs to make sure that we
> have entropy when we start network daemons.

You can't generate entropy out of thin air unfortunately.

> The whole point of the getrandom() interface is that it cannot fail and
> that its users don't need potentially buggy fallback code. If you break
> that assumption, you will introduce security issues in the network daemons
> that use weak entropy just in order to not block.

What I was suggesting is that you don't use getrandom() for places where
you don't need it.

Anyway, your anger should not be directed at systemd here. It's the
wrong recipient.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?