[Pkg-openssl-devel] Bug#689490: openssl: using openssl from maintainer scripts creates /root/.rnd
Kurt Roeckx
kurt at roeckx.be
Wed May 25 22:28:05 UTC 2016
On Thu, May 26, 2016 at 12:03:10AM +0200, Sebastian Andrzej Siewior wrote:
> On 2012-10-03 18:05:21 [+0200], Kurt Roeckx wrote:
> > > while doing piuparts tests I noticed several packages leaving around a
> > > /root/.rnd file. The thing all these have in common is an (indirect)
> > Oh, you want random users to write to root's .rnd file? That sounds
> > like a good idea.
>
> Kurt, what about dropping that .rnd thingy and going straight for
> /dev/urandom as default?
> If I read it right, it is just the internal seed. We would instead
> always use the 2KiB the OS gives us and never write it back. The random
> data is still produced by openssl. And we would have a more random 1st
> start than without it :)
> It does not look like a loss.

I guess that if we can trust the OS to give us proper random data,
it's not useful to keep that file.

There are plans to rewrite the RNG, and maybe at that point it
will go away.

Kurt