[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/1] Improvements to urandom-seed service
|
From: |
Leo Famulari |
|
Subject: |
[PATCH 0/1] Improvements to urandom-seed service |
|
Date: |
Fri, 3 Jun 2016 22:56:49 -0400 |
I read more on the subject of seeding /dev/urandom [0] and I found that
our service should be improved.
We should "refresh" the seed unconditionally in 'start', after we use it
to seed /dev/urandom [1]. This way, if there is no clean shut down, the
next boot does not re-use the same seed. At first boot, this "refreshed"
seed may not be of great quality, since we have not seeded /dev/urandom
yet, but it's better than the possibility of a 2nd boot with no seeding
at all.
This is recommended in the example in random(4) and the Linux code
comments [2]. I missed this before.
Currently, we make sure the seed exists with appropriate permissions
during activation.
If we refresh the seed in 'start', we can ensure it exists before
refreshing it. Since 'stop' also creates the seed file, we might as well
remove the activation code entirely... right? In that case, we also need
to do mkdir-p in 'stop', to be sure.
Your feedback is requested!
[0]
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c#n159
[1] This does not happen if the seed file does not exist. With this
patch, the seed file will not exist at first boot until 'start' has
completed.
[2]
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c#n202
Leo Famulari (1):
services: urandom-seed: Refresh seed at boot.
gnu/services/base.scm | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
--
2.8.3
- [PATCH 0/1] Improvements to urandom-seed service,
Leo Famulari <=