Github user ahgittin commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/117#issuecomment-52402939
  
    i like the idea that by default you get a good image, and all too often 
without this you don't (most cloud machines don't have sufficient entropy). but 
it could be a security hole as this uses `/dev/urandom` for everything. 
    
    i'd be inclined to add `rng-tools` support and add a new key 
`DEV_RANDOM_MODE` taking an enum accepting `URANDOM`, `RNG-TOOLS`, and `NONE`, 
defaulting to `RNG-TOOLS` as a balance between security and reliability.  
(secondarily it should check the existing key which will be deprecated.)  
@aledsage @richardcloudsoft and @andreaturli wdyt?
    
    PS, to install `rng-tools`:
    
    On Ubuntu:
    
        apt-get -y install rng-tools
        # edit /etc/default/rng-tools to set HRNGDEVICE=/dev/urandom
        echo HRNGDEVICE=/dev/urandom >> /etc/default/rng-tools
        /etc/init.d/rng-tools start
    
    On CentOS / RHEL:
    
        yum -y -q install rng-tools
        # append 'EXTRAOPTIONS="-r /dev/urandom"' to '/etc/sysconfig/rngd'
        # (quoted so the value survives being read as a shell assignment)
        echo 'EXTRAOPTIONS="-r /dev/urandom"' >> /etc/sysconfig/rngd
        /etc/init.d/rngd start
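
An idempotent version of the rng-tools config-file edits listed in the comment above, as an added example that is not part of the original comment or of Brooklyn. The function names and the `ROOT` prefix argument are assumptions made here so the script can be re-run safely and tried against a scratch directory; it covers only the file edit, not package installation or service start.

```shell
#!/bin/sh
# Added example (not from the pull request): write the rngd source-device
# setting exactly once, replacing any earlier assignment instead of appending
# a duplicate line on every provisioning run.

# set_kv FILE KEY VALUE
# Ensure FILE ends up with a single KEY="VALUE" line. Comment lines and other
# keys are preserved. VALUE is double-quoted so values containing spaces
# (such as "-r /dev/urandom") stay intact when the file is sourced.
set_kv() {
    file=$1
    key=$2
    value=$3
    mkdir -p "$(dirname "$file")" || return 1
    touch "$file" || return 1
    tmp=$(mktemp) || return 1
    # Keep everything except previous assignments of KEY.
    grep -v "^${key}=" "$file" > "$tmp" || true
    printf '%s="%s"\n' "$key" "$value" >> "$tmp"
    # Rewrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# configure_rngd ROOT FAMILY
# ROOT is a path prefix (assumption: "" for the live system, a scratch
# directory for a dry run). FAMILY is "debian" or "rhel"; the file paths and
# keys are the ones given in the comment above.
configure_rngd() {
    root=$1
    family=$2
    case "$family" in
        debian)
            set_kv "$root/etc/default/rng-tools" HRNGDEVICE /dev/urandom
            ;;
        rhel)
            set_kv "$root/etc/sysconfig/rngd" EXTRAOPTIONS "-r /dev/urandom"
            ;;
        *)
            echo "configure_rngd: unknown family '$family'" >&2
            return 2
            ;;
    esac
}
```

Calling `configure_rngd "" debian` or `configure_rngd "" rhel` as root applies the setting to the live system; the service still has to be started or restarted afterwards.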

