Syscall based entropy
Guilhem Moulin
guilhem at fripost.org
Wed Dec 30 22:50:22 AWST 2015
On Wed, 30 Dec 2015 at 22:08:14 +0800, Matt Johnston wrote:
> Using getrandom() is on my todo list - I'd be glad to take a
> patch.
Awesome! I most likely won't have time to work on this during the next
couple of weeks, but I'll have a look at some point if you have not done
so already ;-)
> I think the best behaviour would be to call
> getrandom() on urandom with GRND_NONBLOCK in a loop
> printing a warning to dropbear_log() if it is blocking (not
> yet initialised) and keep waiting.
This is exactly what I've seen done elsewhere :-) I'm curious of the
possibility of an infinite loop though, but there is only one way to
find out how long one has to wait in practice ;-) I'm not familiar with
how the kernel fills its entropy pool, but I would hope it can use TCP
packets once network has been configured and a client tries to speak
with the SSH port, even when there is nothing listening on that port
yet.
> The extra sources in seedrandom() are purely opportunistic -
> better than nothing, though really it would be best if
> /dev/urandom blocked at boot until it's seeded (like getrandom()).
Yup
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20151230/94eca91a/attachment.sig
More information about the Dropbear
mailing list