[DRE-maint] Bug#960066: schleuder: decide about the future of Recommends: haveged
Chris Hofstaedtler
zeha at debian.org
Thu May 28 14:09:22 BST 2020
Hi Georg,
* Georg Faerber <georg at debian.org> [200528 13:07]:
> Upstream recommends "to run a random number generator like haveged. This
> ensures Schleuder won't be blocked by lacking entropy, which otherwise
> might happen especially during key generation."
>
> Still there are concerns ([1], other examples do exist) about the
> reliability of haveged to provide cryptographically secure randomness:
>
[..]
> Quoting further:
>
> Linux 4.9+ has a new design for `/dev/urandom`: it XORs RdRAND/SEED
> with ChaCha20 (this design is borrowed from Adam Langley's
> implementation in BoringSSL, also used in libsodium) thus providing
> a fast and safe interface for cryptographically secure pseudo random
> numbers.
Also, modern Linux kernels contain a change to always have
enough entropy available, even during boot time. Such a kernel will
ship with bullseye.
I would recommend dropping the Recommends: haveged.
Thanks,
Chris