[Pkg-openssl-devel] Bug#689490: openssl: using openssl from maintainer scripts creates /root/.rnd
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Thu May 26 20:57:53 UTC 2016
On 2016-05-26 00:28:05 [+0200], Kurt Roeckx wrote:
> > Kurt, what about dropping that .rnd thingy and going straight for
> > /dev/urandom as default?
> > If I read it right, it is just the internal seed. Instead, we would
> > always use the 2KiB the OS gives us and never write it back. The random
> > data is still produced by openssl. And we would have a more random 1st
> > start than without it :)
> > It does not look like a loss.
>
> I guess that if we can trust the OS to give us proper random data
> that it's not useful to keep that file.
>
> There are plans to rewrite the RNG, and maybe at that point it
> will go away.
So do we feel like changing something or sitting that one out until post new
RNG code? I *guess* a patch to allow using /dev/urandom instead of .rnd will
be deferred until the new RNG is there.
This will be post 1.1.0, right?
>
> Kurt
Sebastian