unless you have a threat model in which an attacker can read root-only files from your disk, you could teach the boot entropy thingie to persist your entropy count?
Replying to @tehjh @benhutchingsuk
use getrandom() to read the entropy to be persisted (so you know it's guaranteed to be cryptographically random), then after reading it back on boot, bump the entropy counter by 128
2 replies 0 retweets 0 likes -
Replying to @tehjh
Now if only we'd thought to put that in the default install 18 months ago...
2 replies 0 retweets 0 likes -
Replying to @benhutchingsuk @tehjh
If there's already packaged code to do that, we can recommend installing/enabling it, but implementing an entirely new service isn't really an option for a stable update
1 reply 0 retweets 0 likes -
Replying to @benhutchingsuk
could you patch systemd-random-seed.service to behave a little differently?
1 reply 0 retweets 1 like -
Replying to @benhutchingsuk @tehjh
OK, so at some point we have to store some entropy for use at the next boot. Currently systemd does that immediately after seeding, by reading back from /dev/urandom. This doesn't seem cryptographically sound, but I can't claim to fully understand the implications.
2 replies 0 retweets 0 likes -
Replying to @benhutchingsuk @tehjh
Alternately, we could store entropy on shutdown. Hopefully there's plenty to spare then. We would delete the file after reading it at boot. But then, after an unclean shutdown, we would have to wait for entropy - just at the right time to confuse and annoy the user.
1 reply 0 retweets 0 likes -
Replying to @benhutchingsuk @tehjh
Alternatively alternatively, maybe we could schedule a job to store entropy a few minutes after boot
1 reply 0 retweets 0 likes -
Replying to @benhutchingsuk @tehjh
Or periodically update the stored one until shutdown (or stop earlier when deemed sufficient?)
1 reply 0 retweets 0 likes
IIRC Android has code somewhere that does that