[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#23605: /dev/urandom not seeded across reboots

From: Leo Famulari
Subject: bug#23605: /dev/urandom not seeded across reboots
Date: Tue, 24 May 2016 13:23:29 -0400
User-agent: Mutt/1.6.0 (2016-04-01)

On Tue, May 24, 2016 at 12:26:29PM -0400, Thompson, David wrote:
> On Tue, May 24, 2016 at 12:16 PM, Leo Famulari <address@hidden> wrote:
> > On Tue, May 24, 2016 at 09:05:21AM +0200, Taylan Ulrich Bayırlı/Kammer 
> > wrote:
> >> Leo Famulari <address@hidden> writes:
> >> > Does anyone have advice about the service? Am I wrong that we need to
> >> > seed /dev/urandom to make it work properly?
> >>
> >> Yes, this is necessary under Linux if you want urandom to be random
> >> enough immediately after boot, and all the distros do it as part of
> >> their init.
> >>
> >> There's also an interesting implication here about the very first time
> >> you boot the system and don't have a urandom seed file from the last
> >> shutdown yet.  I don't know how this is typically handled, given that
> >> for instance it's quite possible that a user might generate SSH keys
> >> shortly after their first boot of a system.
> >
> > When I boot a GuixSD VM for the first time [0], it requires me to dance
> > on the keyboard until it has collected ~200 bits of entropy. I assumed
> > this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
> > sure.
> This is just an annoying feature of GNU lsh.  I want to switch my
> machines to OpenSSH sometime, partly due to this.

Well, it seems that this feature might be protecting us against using
weak SSH session keys on first boot, if it's doing what I think it's

reply via email to

[Prev in Thread] Current Thread [Next in Thread]