On Thu, 18.06.15 00:00, cee1 ([email protected]) wrote:

> First it seeds /dev/urandom
> Second, seed /dev/random will not increase the entropy without using
> ioctl (please see
> https://www.mail-archive.com/[email protected]/msg32555.html)
>
> Though, some other services may read /dev/random, and the suggested
> logic may exhaust the very little entropy, hence blocks "those other
> services"?
>
> May use getrandom(as mentioned in http://www.2uo.de/myths-about-urandom):
> """
> This syscall does the right thing: blocking until it has gathered
> enough initial entropy, and never blocking after point.
> """

We already make use of getrandom() elsewhere, hence it's OK to use.
However, given how new the call is there should be a fallback to
/dev/random in place, even if that makes us lose the entropy...

Lennart

--
Lennart Poettering, Red Hat
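
The fallback described in the reply above, as an added example that is not part of the original message and not systemd's own code: try getrandom() first and read /dev/random only when the kernel reports ENOSYS. The function name `acquire_random_bytes` and the `used_fallback` out-parameter are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (name and signature are assumptions of this example).
 * Fills buf with n random bytes. Returns 0 on success, -errno on failure.
 * *used_fallback is set to 1 when /dev/random had to be read instead. */
int acquire_random_bytes(void *buf, size_t n, int *used_fallback) {
    unsigned char *p = buf;
    size_t done = 0;
    *used_fallback = 0;

#ifdef SYS_getrandom
    while (done < n) {
        /* flags == 0: blocks only until the pool has been initialised once */
        long r = syscall(SYS_getrandom, p + done, n - done, 0);
        if (r > 0) { done += (size_t)r; continue; }
        if (r < 0 && errno == EINTR) continue;      /* interrupted, retry */
        if (r < 0 && errno == ENOSYS) break;        /* kernel older than 3.17 */
        return r < 0 ? -errno : -EIO;
    }
    if (done == n) return 0;
#endif

    /* Fallback: /dev/random also waits for entropy, but reading it draws
     * down the pool that other readers of /dev/random depend on. */
    *used_fallback = 1;
    int fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -errno;
    while (done < n) {
        ssize_t r = read(fd, p + done, n - done);   /* short reads are normal */
        if (r > 0) { done += (size_t)r; continue; }
        if (r < 0 && errno == EINTR) continue;
        int e = (r < 0) ? errno : EIO;              /* save errno before close() */
        close(fd);
        return -e;
    }
    close(fd);
    return 0;
}
```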
