On August 15, 2014 2:04:56 PM CEST, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
>> Is it safe to generate some randomness in /tftpboot/etc/random.seed for
>> clients that PXE boot?
>
>I do not even know if that file will be read... is it?

IIRC, it is tried but deemed unsafe (0555) and therefore isn't used, but causes a warning. Maybe it had changed since.

/Alexander

>
>> My concern is that this file will be available to everyone on the
>> network via TFTP. So does knowing this randomness help "predict" the
>> PRNG output of the clients that use it?
>
>It isn't worse. It won't hurt.
>
>> I read in a de Raadt interview earlier this year that there are other
>> sources mixed in at the boot loader state. So I'm guessing it shouldn't
>> hurt, but probably help. Some clarification on the subject from an
>> expert would be greatly appreciated.
>
>Yes, other things are mixed in as well.