Hi,
[For full context, and to avoid rehashing previous discussion, please
read
https://labs.riseup.net/code/issues/7642.]
Mostly quoting my last comment there:
The long-term plan, for persistence users, is #7675 ("Persist entropy
pool seeds"). However, it covers neither the short term, nor people
using Tails without persistence. It seems that our options are:
1. keep things as-is => urandom is seeded by date +%s.%N + a publicly
known value
2. drop the publicly known value => urandom is seeded by date +%s.%N
only
3. disable (at least the relevant part of) the urandom initscript =>
urandom is only seeded by the kernel, somehow
Solution 2 doesn't look any better than solution 1 to me, so the
choice seems to be between solution 1 and 3.
I think it mainly depends on whether haveged (and rngd) will
contribute to the pool used by urandom, which is still unclear to me
(see note 12 on the ticket).
Does anyone know for sure the answer to this question (pointers to the
relevant code might help)? Or shall I go ask Linux randomness experts,
such as hpa and the rngd / haveged authors?
Cheers,
--
intrigeri