Is haveged still considered a reasonable way to gather entropy for the Linux RNG?
-
-
Replying to @benhutchingsuk
why would you need to gather extra entropy? are you on a system with no persistent storage?
1 reply 0 retweets 0 likes -
Replying to @tehjh
Looking at the fallout in Debian from fixing CVE-2018-1108, quite a few systems take unreasonably long to gather entropy
1 reply 0 retweets 0 likes -
Replying to @benhutchingsuk
unless you have a threat model in which an attacker can read root-only files from your disk, you could teach the boot entropy thingie to persist your entropy count?
1 reply 0 retweets 0 likes -
Replying to @tehjh @benhutchingsuk
use getrandom() to read the entropy to be persisted (so you know it's guaranteed to be cryptographically random), then after reading it back on boot, bump the entropy counter by 128
2 replies 0 retweets 0 likes
I guess the downside to that would be what happens when someone distributes an image of an installed system without realizing that they have to delete the entropy file...
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.