On Thu, May 26, 2016 at 10:57:53PM +0200, Sebastian Andrzej Siewior wrote:
> On 2016-05-26 00:28:05 [+0200], Kurt Roeckx wrote:
> > > Kurt, what about dropping that .rnd thingy and going straight for
> > > /dev/urandom as default?
> > > If I read it right, it is just the internal seed. We would use instead
> > > always what the 2KiB the OS gives us and never write it back. The random
> > > data is still produced by openssl. And we would have a more random 1st
> > > start than without it :)
> > > It does not look like a loss.
> >
> > I guess that if we can trust the OS to give us proper random data
> > that it's not useful to keep that file.
> >
> > There are plans to rewrite the RNG, and maybe at that point it
> > will go away.
>
> So do we feel like changing something or sitting that one out until post new
> RNG code? I *guess* a patch to allow using /dev/urandom instead of .rnd will
> be deferred until the new RNG is there.

I guess I didn't look close enough to how it works now, but it
should also use /dev/urandom.

> This will be post 1.1.0 right?

Yes, it's clearly post 1.1.0. Nobody had time for that before the
feature freeze.

Kurt