[Pkg-sysvinit-devel] init.d/urandom : random-seed [patches]

John Denker jsd at av8n.com
Sat Sep 11 18:49:49 UTC 2010


On 09/11/2010 11:33 AM, Henrique de Moraes Holschuh wrote:
> BTW, don't just cat the date into /dev/random.  Cat the entire contents of
> the kernel log buffer as well.

Can you explain why you think that would be worthwhile?

There was 100% consensus on the cryptography list that using
the date/time was a good idea.  Using the entire kernel log
was not discussed, and I guarantee you that it would not
receive consensus.  I for one would object that it is not
useful, let alone necessary.

The cryptographic purpose would be fully accomplished by
a humble counter, so long as each time it was used it
differed by even _one bit_ from all previous values.
For present purposes, the clock serves as a counter,
with the advantage that it is present on almost all
platforms.

The clock-time is guaranteed to be different on each
reboot.  The log is not guaranteed to be different,
except insofar as it includes timestamps that depend
on the clock.
 
> HOWEVER one should contact the porters for the arches with other kernels and
> get the relevant data from them, nobody around here claimed any knowledge of
> how /dev/random in FreeBSD (or The Hurd for that matter) behaves.  Heck, I
> don't even KNOW if the initscript runs there or not... :(

That is IMHO a good enough reason to not bother.  Since
it is not worth doing at all, it is not worth bothering
the architecture folks about it.
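
Added example, not part of the original message and not code from the sysvinit package: a shell sketch of the counter argument above, showing two boots that read the same stale seed file. It assumes sha256sum as a stand-in for the kernel's pool mixing; the file names, the persistent boot counter and the log text are all constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration. sha256sum models the pool mixing; every file name
# and sample value below is constructed for the demo.

# pool_state SEEDFILE STAMP [LOGFILE]: digest of everything a boot would
# write into the pool, in order: stamp, saved seed, optional log text.
pool_state() {
    {
        printf '%s\n' "$2"
        cat "$1"
        if [ -n "${3:-}" ]; then cat "$3"; fi
    } | sha256sum | cut -d' ' -f1
}

# next_boot_count FILE: bump a persistent counter and print the new value.
next_boot_count() {
    n=0
    if [ -r "$1" ]; then n=$(cat "$1"); fi
    n=$((n + 1))
    printf '%s\n' "$n" > "$1"
    printf '%s\n' "$n"
}

# replay_demo: two boots that read the same stale seed file (for example,
# the machine lost power before the shutdown script saved a new seed).
replay_demo() {
    d=$(mktemp -d)
    printf 'constructed stand-in for the saved seed' > "$d/random-seed"
    printf 'constructed boot log, byte-identical on every boot\n' > "$d/klog"

    # Log only: nothing differs between the two boots, so the states match.
    log1=$(pool_state "$d/random-seed" "" "$d/klog")
    log2=$(pool_state "$d/random-seed" "" "$d/klog")

    # Counter as stamp: each boot's input differs from every earlier one.
    ctr1=$(pool_state "$d/random-seed" "$(next_boot_count "$d/boots")")
    ctr2=$(pool_state "$d/random-seed" "$(next_boot_count "$d/boots")")

    rm -rf "$d"
    if [ "$log1" = "$log2" ]; then echo "log only:     state repeats"; fi
    if [ "$ctr1" != "$ctr2" ]; then echo "boot counter: state differs"; fi
}

replay_demo
```

An init script would use the clock in place of the counter file, as the message says; the counter is used here only so the result is deterministic.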


