Re: [Pkg-sysvinit-devel] init.d/urandom : saving random-seed

2010-08-02 Thread Henrique de Moraes Holschuh
On Mon, 02 Aug 2010, Christoph Anton Mitterer wrote:
> On Sat, 2010-07-31 at 13:36 -0700, John Denker wrote:
> > > And we should move the seed file to somewhere inside /etc or /lib. It is as
> > > simple as that. /var cannot be used for any data you need at early
> > > userspace.
> > > >

Re: init.d/urandom : saving random-seed

2010-08-02 Thread John Denker
On 07/31/2010 09:00 PM, Jerry Leichter wrote:
> I wouldn't recommend this for high-value security, but then if you're
> dealing with high-value information, there's really no excuse for not
> having and using a source of true random bits.
Yes indeed!
> On the question of what to do if we can't b

Re: init.d/urandom : saving random-seed

2010-08-01 Thread Jerry Leichter
On Aug 1, 2010, at 10:34 AM, Henrique de Moraes Holschuh wrote: (Please keep all CCs). On Sun, 01 Aug 2010, Jerry Leichter wrote: file might be reused: Stir in the date and time and anything else that might vary - even if it's readily guessable/detectable - along Well, yes, we have several

Re: init.d/urandom : saving random-seed

2010-08-01 Thread Henrique de Moraes Holschuh
(Please keep all CCs).
On Sun, 01 Aug 2010, Jerry Leichter wrote:
> file might be reused: Stir in the date and time and anything else
> that might vary - even if it's readily guessable/detectable - along
Well, yes, we have several *guessable* sources of variable data available during early users

Re: init.d/urandom : saving random-seed

2010-08-01 Thread Jerry Leichter
On the question of what to do if we can't be sure the saved seed file might be reused: Stir in the date and time and anything else that might vary - even if it's readily guessable/detectable - along with the seed file. This adds minimal entropy, but detecting that a seed file has been re-

Re: init.d/urandom : saving random-seed

2010-07-31 Thread Guus Sliepen
On Sat, Jul 31, 2010 at 04:55:18AM -0700, John Denker wrote:
> > 2. How dangerous it is to feed the pool with stale seed data in the next
> >    boot (i.e. in a failure mode where we do not regenerate the seed file) ?
[...]
> Now, to answer the question: A random-seed file should never be reused.

Re: init.d/urandom : saving random-seed

2010-07-31 Thread John Denker
On 07/31/2010 08:49 AM, Henrique de Moraes Holschuh wrote:
> the best way of fixing a Debian
> system to be more secure as far as the quality of the randomness used by a
> random user application will be, AFAIK, is to simply get a medium or high
> bandwidth TRNG,
Yes indeed!
> I don't have

Re: init.d/urandom : saving random-seed

2010-07-31 Thread John Denker
Hi Henrique -- This is to answer the excellent questions you asked at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587665#81 Since that bug is now closed (as it should be), and since these questions are only tangentially related to that bug anyway, I am emailing you directly. Feel free to