> Date: Thu, 1 Oct 2020 18:30:29 +0200
> From: Manuel Bouyer <[email protected]>
>
> that doesn't explain why the other sources of entropy, which were working
> before, are not working any more.

They are working exactly as well as they did before. What is
different is that NetBSD is no longer lying to you about how much
entropy it can confidently assert is provided by the source.

See https://mail-index.NetBSD.org/current-users/2020/05/01/msg038495.html
for more information about the changes in the entropy subsystem since
netbsd-9.

There's a problem with Python which I'll go into in another message.

> > On another machine with working random number generator (nearly
> > all modernish amd64 machines have that) do:
> >
> >     dd if=/dev/random of=/tmp/file bs=32 count=1
> >
> > then scp the file over and dd it into /dev/random:
> >
> >     dd if=/tmp/file of=/dev/random bs=32 count=1
> >
> > This will be preserved across reboots, so it is a one-time only fix.
>
> OK. But how is it preserved across reboot? Where does the kernel store it?

The one step martin maybe should have added is:

    /etc/rc.d/random_seed stop

or

    rndctl -S /var/db/entropy-file

This has the effect of writing a seed to disk, and you only need to do
it once. When the machine next boots up, it will update the seed file
at the same time it loads the seed, so (barring a read-only root file
system) it will be maintained from boot to boot and won't be reused.
/etc/security will also update the seed file on a daily basis so any
entropy gathered during the boot will be periodically saved to disk
even if you don't shut down cleanly.
