On Wed, 17.06.15 20:21, cee1 (fykc...@gmail.com) wrote:

> 2015-06-17 16:40 GMT+08:00 Reindl Harald <h.rei...@thelounge.net>:
> >
> > On 17.06.2015 at 05:06, cee1 wrote:
> >>
> >> 2015-06-16 0:21 GMT+08:00 Lennart Poettering <lenn...@poettering.net>:
> >>>
> >>> On Mon, 15.06.15 23:33, cee1 (fykc...@gmail.com) wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> I maybe got confused.
> >>>>
> >>>> First, systemd-random-seed.service will save a "seed" from
> >>>> /dev/urandom when shutdown, and load that "seed" to /dev/urandom when
> >>>> next boot up.
> >>>>
> >>>> My questions are:
> >>>> 1. Can we not save a seed, but load a seed that is read from **
> >>>> /dev/random ** to ** /dev/urandom **?
> >>>
> >>>
> >>> The seed is used for both. Then you'd feed the stuff you got from the
> >>> RNG back into the RNG which is a pointless exercise.
> >>
> >>
> >> systemd-random-seed.service will load the "seed on disk" to
> >> /dev/urandom, and save a "seed" to disk when shutdown, right?
> >>
> >> The article at http://www.2uo.de/myths-about-urandom/ suggests us
> >> saving the seed as soon as there is enough entropy(means read from
> >> /dev/random? if returns, there's enough entropy),
> >
> >
> > well, so you read the seed and inject it to /dev/random followed by read
> > /dev/random and overwrite the seed for the next boot - doesn't sound that
> > good
>
> What I mean is:
> 1. Load a saved seed to /dev/urandom.
> 2. The service reads /dev/random, which will block until kernel thinks
> there's enough entropy - then the Random Number should be good?
> 3. Save the random number returned in step 2 on disk.

Blocking at boot for this doesn't really sound like an option. But the
kernel does not provide us with any nice notifications about when the
RNG pool is complete. If we want to do this kind of polishing, then
that'd be great, but we'd need sane notifiers for that, blocking
syscalls are not an option.

Lennart

--
Lennart Poettering, Red Hat
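
The seed refresh from steps 2 and 3 above, attempted without a blocking read; this is an added example, not code from systemd or from anyone in this thread. It assumes Linux getrandom(2) with GRND_NONBLOCK (kernel 3.17+, glibc 2.25+), which reports an uninitialized pool with EAGAIN so the caller can retry later from a timer; the function name, seed size and file path are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/stat.h>
#include <unistd.h>

#define SEED_SIZE 512 /* assumption: seed length chosen for this example */

/* Hypothetical helper. Returns 1 if a fresh seed was saved, 0 if the kernel
 * pool is not initialized yet (retry later, never sleep), -1 on error. */
int try_save_seed(const char *path)
{
    unsigned char seed[SEED_SIZE];
    char tmp[4096];
    size_t have = 0, off = 0;

    while (have < sizeof seed) {
        /* GRND_NONBLOCK: fail with EAGAIN instead of blocking the boot. */
        ssize_t n = getrandom(seed + have, sizeof seed - have, GRND_NONBLOCK);
        if (n < 0) {
            if (errno == EINTR) continue;
            return errno == EAGAIN ? 0 : -1;
        }
        have += (size_t)n;
    }
    /* Write a 0600 temp file, then rename: a crash never leaves a short seed. */
    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp)
        return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    while (off < sizeof seed) {
        ssize_t w = write(fd, seed + off, sizeof seed - off);
        if (w < 0 && errno != EINTR) break;
        if (w > 0) off += (size_t)w;
    }
    int ok = off == sizeof seed && fsync(fd) == 0;
    close(fd);
    if (!ok || rename(tmp, path) < 0) { unlink(tmp); return -1; }
    return 1;
}

int main(void)
{
    int r = try_save_seed("/tmp/random-seed.example"); /* constructed path */
    printf("%s\n", r == 1 ? "seed saved" : r == 0 ? "pool not ready" : "error");
    return r < 0;
}
```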