[Pkg-openssl-devel] Bug#689490: openssl: using openssl from maintainer scripts creates /root/.rnd

Kurt Roeckx kurt at roeckx.be
Thu May 26 21:11:13 UTC 2016


On Thu, May 26, 2016 at 10:57:53PM +0200, Sebastian Andrzej Siewior wrote:
> On 2016-05-26 00:28:05 [+0200], Kurt Roeckx wrote:
> > > Kurt, what about dropping that .rnd thingy and going straight for
> > > /dev/urandom as default?
> > > If I read it right, it is just the internal seed. We would instead
> > > always use the 2KiB the OS gives us and never write it back. The random
> > > data is still produced by openssl. And we would have a more random 1st
> > > start than without it :)
> > > It does not look like a loss.
> > 
> > I guess that if we can trust the OS to give us proper random data
> > that it's not useful to keep that file.
> >
> > There are plans to rewrite the RNG, and maybe at that point it
> > will go away.
> 
> So do we feel like changing something or sitting that one out until post new
> RNG code? I *guess* a patch to allow using /dev/urandom instead of .rnd will
> be deferred until the new RNG is there.

I guess I didn't look closely enough at how it works now, but it
should also use /dev/urandom.

> This will be post 1.1.0 right?

Yes, it's clearly post 1.1.0.  Nobody had time for that before the
feature freeze.


Kurt


