random seed initialization?

Matthias Benkmann msbREMOVE-THIS at winterdrache.de
Sun May 23 13:20:53 PDT 2004


On Sun, 23 May 2004 09:42:43 -0700 Jeremy Utley <jeremy at jutley.org> wrote:

> Hey all!
> 
> I think the random seed initialization should be moved from BLFS to 
> LFS.  This is really proper configuration of the random device node, and
> 
> as such should be dealt with in LFS.  Also, I personally can't forsee
> a situation where a user would want a non-random seed value for the 
> random device.

While of course no one will want a non-random seed value, some people
don't care about the low (not empty) entropy pool at bootup. I don't save
my random seed across reboots. I don't need to. 99.9% of all people will
never ever need to bother with saving/restoring the entropy pool. The
other 0.1% will never be exploited, even if they don't do it. To the best
of my knowledge no successful attack has ever been demonstrated that was
faciliated by a low entropy pool at bootup. This is totally theoretical
and unless your enemies include organizations such as the NSA, you don't
need to bother either way. This is not "proper configuration of the random
device". It's paranoia, plain and simple. This is on the same level as
banning nail clippers on airplanes to boost security.
There is only a very small justification for that script, namely that
applications that insist on using /dev/random instead of /dev/urandom
could possibly stall for a little while if they are launched right after
bootup and there's no activity on the system. But setups like this are way
beyond LFS (and they're silly).


MSB

-- 
Vacuum cleaners suck!




More information about the lfs-dev mailing list