VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

Kurt Roeckx kurt at roeckx.be
Fri Jun 7 23:24:45 UTC 2019


On Fri, Jun 07, 2019 at 07:04:57PM -0400, Viktor Dukhovni wrote:
> On Sat, Jun 08, 2019 at 12:54:36AM +0200, Kurt Roeckx wrote:
> 
> > On Fri, Jun 07, 2019 at 03:37:07PM -0400, Viktor Dukhovni wrote:
> > > > On Jun 7, 2019, at 3:25 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> > > > 
> > > > For older kernels you install rng-tools that feeds the hwrng in
> > > > the kernel.
> > > 
> > > Which works for me, and is pretty much the point I'm trying to make.
> > > Then, read /dev/random once early at boot, and do nothing special
> > > in libcrypto (safely use /dev/urandom).
> > 
> > The only thing rng-tools will actually solve is the starvation
> > issue. No service will depend on it, since they don't have any
> > relationship with it. Nor can you wait for it, it's not because
> > it's started that it has initialized the kernel. I think I've also
> > seen reports that it got started too late, actually after a
> > service that wants to ask the kernel for random numbers.
> 
> Then a different service can be developed that does block just once
> at boot, and tries to obtain entropy from a configurable set of
> sources (to avoid or reduce unbounded delay, and mix in more
> independent sources).

That's all very nice, but nobody is going to run that.


Kurt


