Lazyweb, what is the current state of entropy properties for Linux AT_RANDOM? Is it junk at early boot?
Same as /dev/urandom. AT_RANDOM cannot prevent an executable from being loaded in early boot ...
So would you agree it should be classified as "suitable entropy for hardening mitigations - canary, address randomization, pointer obfuscation, etc. - but not for cryptographic entropy source"?
It's the same as 16 bytes from /dev/urandom. The entropy is sufficient for seeding a CSPRNG if the kernel CSPRNG was initialized when the process was spawned, unlike getrandom. A unique issue is that it can and does get reused and only libc could replace it safely during init.
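
An added example, not part of the thread: a C program that reads AT_RANDOM through `getauxval`, shows that a forked child inherits the same 16 bytes (the reuse mentioned above), and uses `getrandom` with `GRND_NONBLOCK` to check whether the kernel CSPRNG is initialized. The function names are illustrative, and the readiness check reports the state at call time, not at the time the process was spawned.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/random.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define AT_RANDOM_LEN 16

/* Copy the 16 bytes the kernel placed at exec time; 0 on success, -1 if absent. */
int at_random_copy(unsigned char out[AT_RANDOM_LEN]) {
    const void *p = (const void *)getauxval(AT_RANDOM);
    if (p == NULL) return -1;
    memcpy(out, p, AT_RANDOM_LEN);
    return 0;
}

/* 1 if the kernel CSPRNG is initialized now, 0 if not yet (EAGAIN), -1 on other errors. */
int kernel_rng_ready(void) {
    unsigned char b;
    if (getrandom(&b, 1, GRND_NONBLOCK) == 1) return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* 1 if a forked child sees the parent's AT_RANDOM bytes, 0 if not, -1 on error. */
int at_random_shared_with_child(void) {
    unsigned char parent[AT_RANDOM_LEN], child[AT_RANDOM_LEN];
    int status;
    if (at_random_copy(parent) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) /* child: fork copies the auxv, no fresh bytes are drawn */
        _exit(at_random_copy(child) == 0 &&
              memcmp(parent, child, AT_RANDOM_LEN) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) {
    unsigned char r[AT_RANDOM_LEN];
    if (at_random_copy(r) != 0) { puts("AT_RANDOM not present"); return 1; }
    /* The bytes are deliberately not printed: libc may derive its canary from them. */
    printf("kernel RNG ready now: %d\n", kernel_rng_ready());
    printf("child shares AT_RANDOM: %d\n", at_random_shared_with_child());
    return 0;
}
```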

