On Thu, May 14, 2020 at 03:12:13PM +0200, Joerg Sonnenberger wrote: > I'd strongly argue that the only category where it really matters > potentially are long term key generators. I would at the same time > consider creating the ssh host keys as part of sysinst, but that's > already setting up the seed file handling too.
Note that with -current and assuming you are not on quite new x86 machines the seed file will record 0 bits of entropy. This is why we talked about alternative/manual ways to get entropy on the installed machine. Of course if you pluged in your nice ualea during installation, all will be fine (which is why I enabled it by default yesterday). Martin P.S.: I have realy quite a lot of (very different) machines here and found four(!) so far that have a TRNG build in (three out of five amd64, one mips [erlite3]).
