Yousong Zhou <yszhou4t...@gmail.com> [2019-05-29 10:25:52]:

> On Tue, 28 May 2019 at 05:30, Petr Štetiar <yn...@true.cz> wrote:
> >
> > urandom-seed content was split from base-files into separate package so
> > in order to preserve the current functionality and to provide some
> > fallback mechanism in case jent-rng initialization fails in urngd we
> > need to add it back.
> >
> > urngd is OpenWrt's micro non-physical true random number generator based
> > on timing jitter.
>
> If I understand the patch correctly it seems the urandom-seed will run
> along side with urngd, not a fallback.

along side with urngd, not as a fallback, just to keep the current state.

It's not a fallback, as urandom-seed doesn't provide input which is trusted by
the kernel: urandom-seed is just feeding the urandom.seed file to the kernel
through the /dev/urandom file, and this input is never trusted by the kernel,
so it's just being added to the entropy pool, without any credibility.

> Is urandom-seed a must, or only serve as a precaution just in case?

It's not a must, 4.14 kernel (didn't check 4.9) can collect good enough
entropy by itself. urandom-seed is just adding some kind of 512 byte noise
(which we collect only on the first boot) to the kernel entropy pool, which is
then being mixed with other kernel sources in order to provide usable noise to
/dev/random.

> If urngd can solve the problem what urandom-seed is for, I would
> suggest we make urandom-seed an opt-in option, not included by
> default.

That was my plan in the RFC series, but as we don't know yet where urngd works,
I've kept it for now. We can then probably remove urandom-seed on those
platforms where we're sure that urngd works, and if we find out that it's just
mt7620 having issues, then we can make it opt-in by default (remove
urandom-seed from the global default packages) and add urandom-seed just to the
mt7620 default package set.

-- 
ynezz
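
The difference the reply above draws between seed bytes written to /dev/urandom and input the kernel credits, as an added example that is not part of the original message or of OpenWrt's code. It uses the standard Linux `RNDADDENTROPY` ioctl from `<linux/random.h>` for the credited path; the function names and the 0xA5 sample seed are constructed for illustration.

```c
#include <fcntl.h>
#include <linux/random.h>   /* RNDADDENTROPY, struct rand_pool_info */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#define SEED_LEN 512   /* seed size mentioned in the thread */

/* Seed-file style input: write() mixes bytes in, credits zero bits, any user. */
ssize_t feed_uncredited(const char *dev, const void *seed, size_t len)
{
    int fd = open(dev, O_WRONLY);
    ssize_t n = fd < 0 ? -1 : write(fd, seed, len);
    if (fd >= 0) close(fd);
    return n;
}

/* Build the RNDADDENTROPY argument; credit is capped at 8 bits per byte. */
struct rand_pool_info *make_pool_info(const void *data, int len, int bits)
{
    struct rand_pool_info *p = malloc(sizeof(*p) + len);
    if (!p) return NULL;
    p->entropy_count = bits > len * 8 ? len * 8 : bits;
    p->buf_size = len;
    memcpy(p->buf, data, len);
    return p;
}

/* Credited input: requires CAP_SYS_ADMIN. Returns 0 on success, -1 on error. */
int feed_credited(const char *dev, const void *data, int len, int bits)
{
    struct rand_pool_info *p = make_pool_info(data, len, bits);
    int fd = open(dev, O_WRONLY);
    int rc = (p && fd >= 0) ? ioctl(fd, RNDADDENTROPY, p) : -1;
    if (fd >= 0) close(fd);
    free(p);
    return rc;
}

int main(void)
{
    unsigned char seed[SEED_LEN];
    memset(seed, 0xA5, sizeof(seed));   /* constructed sample, not real seed data */
    printf("write(): %zd bytes mixed in, nothing credited\n",
           feed_uncredited("/dev/urandom", seed, sizeof(seed)));
    /* Credit 0 bits: a constant pattern must never be counted as entropy. */
    printf("RNDADDENTROPY rc=%d\n", feed_credited("/dev/urandom", seed, SEED_LEN, 0));
    return 0;
}
```

Run unprivileged, the `write()` path succeeds while the ioctl fails, which is why a seed-file restore can only ever contribute uncredited input.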