[Pkg-openssl-devel] Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1
Theodore Y. Ts'o
tytso at mit.edu
Wed Oct 31 22:41:06 GMT 2018
On Wed, Oct 31, 2018 at 11:21:59AM +0000, Sebastian Andrzej Siewior wrote:
> On October 30, 2018 8:51:36 PM UTC, "Theodore Y. Ts'o" <tytso at mit.edu> wrote:
> >
> >So it's complicated. It's not a binary trusted/untrusted sort of
> >thing.
>
> What about RNDRESEEDCRNG? Would it be reasonable to issue it after writing the seed as part of the boot process?
No, that's for debugging purposes only.
When there is sufficient entropy added (either through a hw_random
subsystem, or because RDRAND is trusted, or the RNDADDENTORPY ioctl),
the crng is automatically reseeded by credit_entropy_bits(). So it's
not needed to use RNDRESEEDCRNG.
- Ted
More information about the Pkg-openssl-devel
mailing list