On Mon, Apr 05, 2021 at 02:13:31PM -0700, Greg A. Woods wrote:
> At Mon, 5 Apr 2021 15:37:49 -0400, Thor Lancelot Simon <t...@panix.com> wrote:
> Subject: Re: regarding the changes to kernel entropy gathering
> >
> > On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote:
> > >
> > > BTW, to me reusing the same entropy on every reboot seems less secure.
> >
> > Sure. But that's not what the code actually does.
> >
> > Please, read the code in more depth (or in this case, breadth), then argue
> > about it.
>
> Sorry, I was alluding to the idea of sticking the following in
> /etc/rc.local as the brain-dead way to work around the problem:
>
>     echo -n "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" > /dev/random
>
> However I have not yet read and understood enough of the code to know
> if:
>
>     dd if=/dev/urandom of=/dev/random bs=32 count=1

It's no better. But what you're missing is that neither does what you think.

When rndctl -L runs after the system comes up multiuser, all entropy samples that have been added (which are in the per-cpu pools) are propagated to the global pool. Every stream RNG on the system then rekeys itself - they are _not_ just using the entropy from the seed on disk.

Even if nothing does so earlier, when rndctl -S runs as the system shuts down, again all entropy samples that have been added (which, again, are accumulating in the per-cpu pools) are propagated to the global pool; all the stream RNGs rekey themselves again; then the seed is extracted.

It is neither the case that samples added with a 0 entropy estimate go nowhere, nor that they do not add entropy to the seed file such that it is _not_ "reusing the same entropy on every boot".

If you'd like to propagate samples from the per-CPU pool to the global pool and force the stream generators to rekey more often, you can sysctl -w kern.entropy.consolidate=1 from cron.
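
Added example, not part of the message above and not NetBSD code: a toy Python model of the flow the reply describes (per-CPU pools, consolidation into a global pool, stream-RNG rekeying, seed load and save). It assumes SHA-256 as a stand-in for the kernel's pool construction; the class, function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib

class EntropyModel:
    """Toy model; SHA-256 stands in for the kernel's pool construction (assumption)."""

    def __init__(self, ncpu):
        self.percpu = [hashlib.sha256() for _ in range(ncpu)]
        self.global_pool = hashlib.sha256()
        self.epoch = 0      # bumped on every consolidation
        self.credited = 0   # bookkeeping only: sum of entropy estimates

    def add_sample(self, cpu, data, estimate_bits=0):
        # The estimate affects accounting; the bytes are absorbed regardless.
        self.percpu[cpu].update(len(data).to_bytes(4, "big") + data)
        self.credited += estimate_bits

    def consolidate(self):
        # Propagate every per-CPU pool into the global pool, then signal a rekey.
        for pool in self.percpu:
            self.global_pool.update(pool.digest())
        self.epoch += 1

    def stream_key(self):
        # A stream RNG keys itself from the global pool as of the current epoch.
        return hashlib.sha256(b"key" + self.global_pool.digest()).digest()

    def load_seed(self, seed):      # models `rndctl -L`
        self.global_pool.update(b"seed" + seed)
        self.consolidate()

    def save_seed(self):            # models `rndctl -S`
        self.consolidate()
        return hashlib.sha256(b"seed-out" + self.global_pool.digest()).digest()

def boot_cycle(old_seed, samples):
    """One boot: samples arrive, seed is loaded, more samples, seed is saved."""
    m = EntropyModel(ncpu=2)
    half = len(samples) // 2
    for cpu, data in samples[:half]:
        m.add_sample(cpu, data)
    m.load_seed(old_seed)
    key_after_load = m.stream_key()
    for cpu, data in samples[half:]:
        m.add_sample(cpu, data)
    return m.save_seed(), key_after_load, m.stream_key(), m.credited

# Constructed inputs: the constant string from the quoted rc.local workaround
# as the old seed, and made-up timing samples with a zero entropy estimate.
SEED = b"a" * 32
BOOT_A = [(0, b"t=1031"), (1, b"t=2207"), (0, b"t=3350"), (1, b"t=4419")]
BOOT_B = [(0, b"t=1029"), (1, b"t=2207"), (0, b"t=3350"), (1, b"t=4420")]
```

In this model two boots that load the same seed still save different seeds and key their stream generators differently, although no sample was credited with any entropy.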