On Wed, Jan 15, 2014 at 6:33 AM, Gerardus Hendricks <[email protected]> wrote:
> On 1/14/14 7:39 PM, anarcat wrote:
>> How does tor generate its private key? Does it use /dev/random? Is there
>> an issue with bootstrapping a new tor node straight from the first
>> install, when entropy is potentially low?

If you're worried about the particular scenario where you've got a device -- especially a diskless device -- that has never been booted before, one option is to have the script you use to start Tor check whether an identity key has been created. If it hasn't, it should try to read a byte from /dev/random before it starts Tor, and block until it actually can read that byte.

This is an ugly hack, of course! I'd much prefer if kernels everywhere would have /dev/urandom block in the case when there has never been enough entropy in /dev/urandom.

I've added a ticket (https://trac.torproject.org/projects/tor/ticket/10676) for better workarounds for this.

-- 
Nick
-- 
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
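The start-script check described in the message above, as an added example that is not part of the original post and is not Tor project code. The key path `/var/lib/tor/keys/secret_id_key` is an assumed default DataDirectory layout, and the function names and the `start` argument are hypothetical.

```shell
#!/bin/sh
# Added example: start-script gate, not Tor project code.
# Assumed default; point this at the DataDirectory from your torrc.
ID_KEY="${ID_KEY:-/var/lib/tor/keys/secret_id_key}"
RANDOM_DEV="${RANDOM_DEV:-/dev/random}"

# True if a non-empty identity key file already exists at $1.
have_identity_key() {
    [ -s "$1" ]
}

# Read exactly one byte from device $1, blocking until it is available.
# Returns non-zero if the device is missing or yields no data.
wait_for_entropy() {
    n=$(dd if="$1" bs=1 count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 1 ]
}

# Gate for key path $1 and device $2. Sets GATE_RESULT to:
#   skipped - key exists, nothing to wait for
#   waited  - no key yet, one byte was read from the device
#   failed  - no key and the device could not be read
entropy_gate() {
    if have_identity_key "$1"; then
        GATE_RESULT=skipped
    elif wait_for_entropy "$2"; then
        GATE_RESULT=waited
    else
        GATE_RESULT=failed
        return 1
    fi
}

# Init-script style entry point: "wrapper.sh start [tor options]".
if [ "${1:-}" = start ]; then
    shift
    if entropy_gate "$ID_KEY" "$RANDOM_DEV"; then
        echo "entropy gate: $GATE_RESULT" >&2
        exec tor "$@"
    fi
    echo "entropy gate failed: cannot read $RANDOM_DEV" >&2
    exit 1
fi
```

Run the wrapper as a user that can stat the key file; if the keys directory is not searchable, the check reports no key and the script waits on the device every time, which is the safe direction to fail.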
