Daniel Lange dixit:

> Thorsten Glaser (CC) has produced a prototype early-rng-init-tools (cf.
> https://lists.debian.org/debian-devel/2019/02/msg00327.html) which could be
> extended to try reading entropy off the network when it doesn't have a
> carried-over seed (as in the Debian Installer case).

Sorry, this is deliberately out of scope. My early-rng-init-tools is exactly for the use case of carrying a random seed between boots and making it available to the system earlier (as a stopgap until all bootloaders support passing it to the kernel before the latter is even run) and *deliberately* does not touch the part where entropy is collected.

FWIW, downloading entropy can be done (we have this in the MirBSD installer) but has privacy concerns, so it should perhaps be optional. This is easily done in d-i components, except for the little fact that busybox wget in d-i lacks https support. I’ve built myself a locally patched 'monolith' installer with extra entropy over the network, but that’s site-dependent.

Also, please don’t assume everyone has amd64. The m68k people will, among others, thank you ;-)

bye,
//mirabilos
--
When he found out that the m68k port was in a pretty bad shape, he did not, like many before him, shrug and move on; instead, he took it upon himself to start compiling things, just so he could compile his shell. How's that for dedication.
    -- Wouter, about my Debian/m68k revival