On 2021-07-20, Sven F. <sven.falem...@gmail.com> wrote: > On Tue, Jul 20, 2021 at 1:41 PM Theo de Raadt <dera...@openbsd.org> wrote: >> >> The entropy subsystem is complete. >> >> There is no need to do anything more. >> > > I saw that reading adds entropy back, > if the subsystem is complete out of the box that would make > https://man.openbsd.org/omrng or https://man.openbsd.org/octrng.4 superfluous, > which is odd, but i'll trust you on that.
Entropy from the hw RNGs is useful for first boot, and sometimes if you're running from cloned disk images (e.g. for some provisioning systems). > A long time ago it was easy to block /dev/random and urandom was of > lesser quality. Have a read of http://www.openbsd.org/papers/hackfest2014-arc4random/ to see how it works.
