[Pkg-sysvinit-devel] Saving of /dev/urandom seed at Debian bootup
Henrique de Moraes Holschuh
hmh at debian.org
Fri Jul 13 14:08:18 UTC 2012
On Fri, 13 Jul 2012, Petter Reinholdtsen wrote:
> [Mikko Hänninen]
> > While investigating randomness and /dev/urandom on Debian Linux,
> > I came across this comment (by you, I think):
> >
> > # Hm, why is the saved pool re-created at boot? [pere 2009-09-03]
> >
> > in /etc/init.d/urandom, part of initscripts in Debian Squeeze.
> >
> > Hopefully I've inferred correctly who to contact about it. I know the
> > question is nearly three years old, but in case nobody has provided
> > the answer to you yet, and you're still curious, then here's my guess:
>
> The pkg-sysvinit-devel at lists.alioth.debian.org list is a better contact
> point. I send your email there.
>
> Thank you for the input. I did get some feedback about this question
> earlier, and guess the comment should be replaced with an explanation
> now. :)
>
> See
> <URL: http://lists.alioth.debian.org/pipermail/pkg-sysvinit-devel/2010-July/004533.html >
> for the old thread.
Also, the /dev/random driver in the kernel finally has a maintainer with
more time to enhance it. I am keeping a close eye on it, and will request
backports to the Debian stable kernel on the grounds that it is very
important for security, but that's at least six months away (you HAVE to
give these things some time to mature). Some of the changes being proposed
give it a bit more unpredictability at cold start. But nothing nearly
as good as[1] the seeding done by the operating system using the saved state
at shutdown/reboot.
[1] assuming no reuse of the seed.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
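
The boot-time re-creation asked about in the quoted init-script comment, and the "no reuse of the seed" condition in footnote [1], as an added example that is not part of this thread and is not Debian's /etc/init.d/urandom. The seed path is a placeholder, and SEED_FILE, RNG_DEV, POOL_BYTES and both function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration only; not the Debian initscripts code.
# Placeholder path and hypothetical variable/function names.
SEED_FILE="${SEED_FILE:-/var/lib/example/random-seed}"
RNG_DEV="${RNG_DEV:-/dev/urandom}"
POOL_BYTES="${POOL_BYTES:-512}"

# Write a fresh seed: owner-only permissions, then an atomic rename so a
# crash mid-write never leaves a truncated seed file behind.
seed_save() {
    tmp="${SEED_FILE}.new"
    ( umask 077
      dd if="$RNG_DEV" of="$tmp" bs="$POOL_BYTES" count=1 2>/dev/null ) || return 1
    mv -f "$tmp" "$SEED_FILE"
}

# Boot: mix the saved seed into the kernel pool (a plain write mixes the
# bytes in but credits no entropy), then replace the file straight away.
# If the machine later crashes without a clean shutdown, the next boot
# finds a seed that has not been used before.
seed_load_and_refresh() {
    if [ -s "$SEED_FILE" ]; then
        cat "$SEED_FILE" > "$RNG_DEV" || return 1
    fi
    seed_save
}

# Shutdown only needs seed_save: it carries pool state over the reboot.
case "${1:-}" in
    start) seed_load_and_refresh ;;
    stop)  seed_save ;;
esac
```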