VOTE Apply PR#9084 reverting DEVRANDOM_WAIT
Kurt Roeckx
kurt at roeckx.be
Fri Jun 7 18:38:17 UTC 2019
On Fri, Jun 07, 2019 at 06:06:02PM +0000, Dr. Matthias St. Pierre wrote:
> > Introducing DEVRANDOM_WAIT didn't cause any change for us, because
> > we use getentropy(), and a recent kernel. But even systems that
> > use getentropy() with an older kernel can have a large delay after
> > boot.
>
> Yes, but that's the crucial difference IMHO: while getentropy() on blocks once
> during the early boot phase until its initial seeding completes, the DEVRANDOM_WAIT
> approach will block several times, depending on how much the other processes drain
> the /dev/random device.
I agree that the solution is not ideal, but I think it's better than
not having it.
Kurt
More information about the openssl-project
mailing list