[Pkg-sysvinit-devel] init.d/urandom : random-seed [patches]
jsd at av8n.com
Sat Sep 11 18:49:49 UTC 2010
On 09/11/2010 11:33 AM, Henrique de Moraes Holschuh wrote:
> BTW, don't just cat the date into /dev/random. Cat the entire contents of
> the kernel log buffer as well.
Can you explain why you think that would be worthwhile?
There was 100% consensus on the cryptography list that using
the date/time was a good idea. Using the entire kernel log
was not discussed, and I guarantee you that it would not
receive consensus. I for one would object that it is not
useful, let alone necessary.
The cryptographic purpose would be fully accomplished by
a humble counter, so long as each time it was used it
differed by even _one bit_ from all previous values.
For present purposes, the clock serves as a counter,
with the advantage that it is present on almost all
The clock-time is guaranteed to be different on each
reboot. The log is not guaranteed to be different,
except insofar as it includes timestamps that depend
on the clock.
> HOWEVER one should contact the porters for the arches with other kernels and
> get the relevant data from them, nobody around here claimed any knowledge of
> how /dev/random in FreeBSD (or The Hurd for that matter) behaves. Heck, I
> don't even KNOW if the initscript runs there or not... :(
That is IMHO a good enough reason to not bother. Since
it is not worth doing at all, it is not worth bothering
the architecture folks about it.
More information about the Pkg-sysvinit-devel