[Pkg-sysvinit-devel] Bug#596482: initscripts: init.d/urandom : Include date and time when seeding the RNG.
John Denker
jsd at av8n.com
Sat Sep 11 21:39:16 UTC 2010
Package: initscripts
Version: 2.86.ds1-61
Severity: important
Tags: patch
During initialization, include this: date +%s.%N > /dev/random
This is important for systems that boot from read-only media and
have few if any realtime sources of new entropy. Unattended and/or
embedded systems tend to fall into this category.
This solution was discussed on the cryptography mailing list, and
there was 100% consensus that it would be a good idea.
Tangential remark: Back in 2007, Bug #455230 expressed a similar
goal, but did not correctly identify the important use-case, and did
not offer the correct solution. The solution here meets the goals
of that earlier request.
*) Using the date+time as part of the seed is important every time a
system is /rebooted/ from read-only media; that is, it is important
for every boot except the first. We don't want to restore the RNG
to a previously-used state.
*) This is most effective as part 1 of a two-part solution. Part 2 is
to ensure that the read-only random.seed file is unshared and unique
on a host-by-host basis. Part 2 is not the subject of this report.
We can and should implement Part 1 without waiting for Part 2. The
date+time is /different/ on each reboot, and that is all that is
needed, provided the random.seed is unshared and unique.
This is #4 in a group of 5 patches for init.d/urandom.
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i586)
Kernel: Linux 2.6.26.5 (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
More information about the Pkg-sysvinit-devel
mailing list