Is haveged still considered a reasonable way to gather entropy for the Linux RNG?
unless you have a threat model in which an attacker can read root-only files from your disk, you could teach the boot entropy thingie to persist your entropy count?
-
-
use getrandom() to read the entropy to be persisted (so you know it's guaranteed to be cryptographically random), then after reading it back on boot, bump the entropy counter by 128
-
Now if only we'd thought to put that in the default install 18 months ago...
- 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.