On 10.05.2018 at 00:46, Ben Hutchings wrote:
> 1. Add entropy to the kernel during boot; either:
>    a. Improve systemd-random-seed
>    b. Recommend use of haveged
> 2. For each affected userland package, either:
>    a. Revert to using /dev/urandom
>    b. Tolerate a longer wait for getrandom() to return
>
> I asked about haveged on Twitter, and got into a discussion with Jann
> Horn (who reported the original issue). He pointed out that the
> systemd-random-seed service already saves and restores some random data
> between boots. It currently doesn't tell the RNG that this should be
> treated as adding to available entropy, so it doesn't help to unblock
> getrandom(). It also doesn't fully protect against using the same
> saved data twice, which would be a prerequisite.

There is https://github.com/systemd/systemd/issues/4271 which seems related.
If there is further feedback from our side, this should probably be added to
the upstream bug report.

> The libbsd maintainer (Guillem Jover) favours option 2a.
>
> One of the krb5 maintainers (Benjamin Kaduk) favours option 2b, and
> also proposed that systemd could provide a wait-for-rng-ready unit to
> support this.

What exactly would such a wait-for-rng-ready service do and how would it
solve this particular problem?

Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?