On Fri, Jul 18, 2014 at 4:47 PM, Antti Kantee <[email protected]> wrote:
> [cc'ing Taylor, who probably (get it?) actually knows something about
> the subject]
> Yea, maybe. I can't remember if the cprng wants to slurp in 8k entropy
> every time it's bootstrapped, or only when it's required. If you boot
> 1k rump kernels as part of tests, that's a lot of entropy that's
> potentially going completely unused.
Looking at what is being used, it is reading 512 byte chunks, several
of them, so maybe trying to get 8k
Thats actually rather too much to use /dev/random at all. Linux says
While some safety margin above that minimum is reasonable,
as a guard against flaws in the CPRNG algorithm, no crypto‐graphic
primitive available today can hope to promise more than 256 bits of
security, so if any program reads more than 256 bits (32 bytes)
from the kernel random pool per invocation, or per reasonable reseed
interval (not less than one minute), that should be taken as a sign
that its cryptography is not skillfully implemented.
On the other hand maybe it is just being optimistic and it will be
happy with a few random crumbs.
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
rumpkernel-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rumpkernel-users
