Start up entropy gathering

Kurt Roeckx kurt at
Thu Jun 13 21:38:08 UTC 2019

On Thu, Jun 13, 2019 at 05:06:16PM +1000, Dr Paul Dale wrote:
> The second suggestion is broadly similar but requires a file containing entropy that persists across reboots.  This alternative requires a more management: the entropy file once read needs to be rewritten immediately (and ideally on shutdown as well).  It also introduces a new attack vector against the entropy storage.  It also isn’t possible to skip the entropy file read/rewrite sequence because it is impossible to determine if /dev/urandom has actually been seeded.  I’ve not attempted to code this, persistent files containing seed material potentially introduce other problems.

This is what init systems have always done. I see no need to also
do it. They have a policy not to credit that the entropy from that
file, I see no reason why we should override that policy.


More information about the openssl-project mailing list