Conversation

OVH Arch Linux VPS image is annoying. They installed and enabled dhcpcd but also have the systemd-networkd DHCP client enabled too. They race with each other and sometimes end up causing a 2 minute delay at boot. It also has the obsolete haveged service installed + enabled too.

Replying to

What makes haveged obsolete?

Replying to

Modern Linux kernel has a proper CSPRNG and has dropped all of the cargo cult entropy exhaustion nonsense. /dev/random and getrandom(...) only block until the CSPRNG is initialized in early boot and never again. Rather than blocking indefinitely, the kernel also now fixes it.

Replying to

and

If reading from /dev/random or calling getrandom(...) would block due to the CSPRNG not being initialized yet, the kernel starts generating jitter entropy until the CSPRNG is initialized. Using haveged is only adding extra complexity with no real benefits.

Replying to

Oh nice! I need to fix that in

then.

Replying to

and

/dev/random no longer uses the cargo cult entropy exhaustion nonsense. It works the same way as getrandom(...) and the GRND_RANDOM parameter for getrandom(...) is a no-op. Entire thing is fixed now other than /dev/urandom not blocking until CSPRNG initialization in early boot.

10:34 PM · May 24, 2021Twitter Web App

Replying to

and

mknod /dev/urandom c 1 8?

Replying to

and

Someone might make another, such as in a container.

Show replies

Replying to

and

Making sure that init reads at least one byte from getrandom(...) or /dev/random before spawning other processes essentially fixes /dev/urandom. The only remaining issue is that the kernel won't block for CSPRNG initialization internally for mitigations, etc. it seeds with it.