On Tue, Oct 30, 2018 at 10:15:44AM -0400, Theodore Y. Ts'o wrote:
> On Tue, Oct 30, 2018 at 01:18:08AM +0100, Sebastian Andrzej Siewior wrote:
> > Using ioctl(/dev/urandom, RNDADDENTROPY, ) instead of writing to
> > /dev/urandom would do the trick. Or using RNDADDTOENTCNT to increment
> > the entropy count after it was written. Those two are documented in
> > random(4). Or RNDRESEEDCRNG could be used to force crng to be reseeded.
> > It does also the job, too.
> >
> > Ted, is there any best practice what to do with the seed which was
> > extracted from /dev/urandom on system shutdown? Using RNDADDTOENTCNT to
> > speed up init or just write it back to urandom and issue RNDRESEEDCRNG?
>
> The reason why writing to /dev/[u]random via something like:
>
>     cat /var/lib/random/seed > /dev/random
>
> Doesn't bump the entropy counter is because it's possible that an
> attacker could read /var/lib/random/seed. Even if the seed file is
> refreshed on shutdown, (a) the attacker could have read the file while
> the system is down, or (b) the system could have crashed so the seed
> file was not refreshed and the attacker could have read the file
> before the crash.

So are you saying that the /var/lib/random/seed is untrusted, and
should never be used, and we should always wait for fresh entropy?

Anyway, I think if an attacker somehow has access to that file, you
have much more serious problems.

Kurt