>On April 13, 2016 4:28:13 PM GMT+02:00, Theo de Raadt <dera...@openbsd.org> wrote:
>>>Kevin Chadwick wrote:
>>>> Whilst likely not a major issue, I also started to wonder whilst
>>>> reading man rc.shutdown, if a daemon or other process could
>>>> potentially use /dev/urandom between saving the seed and shutdown so
>>>> could/should the random.seed be saved a little later after
>>>> /etc/rc.shutdown runs?
>>>
>>>
>>>that doesn't matter.
>>
>>indeed, randomization is initialized eons before then.
>>
>>http://www.openbsd.org/papers/hackfest2014-arc4random/index.html
>
>
>What's important to realize is that it's a seed being written to
>disk, not the random subsystem state. As such, the random numbers will
>not repeat themselves after reboot even if randomness was consumed
>after the seed was written.

No, it is even better than that.

On 99.9% of machines, the bootblocks will go through extra effort
to perturb that entropy payload...  (and succeed, because the
hardware provides means available to the bootblocks)

If all things go well, there is no correlation.  If things go badly,
the correlations that exist are still meaningless.  Even in a VM
environment, which is one of the toughest.

In this matter, many other systems are infantile.  Their design
patterns don't allow them to think outside the box.

Little wonder therefore that operating system users have developed
such doubts about these systems.  Everyone else sucks.
