On Fri, Aug 1, 2014 at 10:24 AM, Jacob Appelbaum <[email protected]> wrote:
> ...
> Sure - if we have entropy, we can seed anything. :)

*grin*

> How is that worse? The goal is entropy collection. A public value is
> not entropic.

but a public value in addition to other predictable values maybe provides an incremental increase in difficulty of attack. (i'll provide tech citations later this eve)

> It may make sense to add entropy to the disk at install time from the
> installing computer.

this would fall into the persistence dependency category, but also very much useful!

> The date is strictly better than no entropy at all. A date is a very
> small amount of entropy but probably it is not sufficient.

agreed.

> That does that work? If we have no entropy, we have no entropy.

i'm creating a matrix of kernel versions and potential pre-init user space seeding avenues available. this will explain it better. odds low, but it could happen.

> We need both - we cannot know when one will not function as hardware
> may change on a per boot basis.

correct; this determination should be at initialization: can rngd run? if yes, don't launch haveged.

> Could you explain the (unseeded) process for entropy collection in the
> kernel (3.14-1-amd64) in use on Tails? Assuming no haveged, rngd, etc.

will do.

best regards,

_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to [email protected].
