> Date: Mon, 11 May 2020 17:56:41 -0000 (UTC) > From: mlel...@serpens.de (Michael van Elst) > > riastr...@netbsd.org (Taylor R Campbell) writes: > > >> Date: Mon, 11 May 2020 16:16:12 -0000 (UTC) > >> From: mlel...@serpens.de (Michael van Elst) > >> > >> Now we put all trust in loading a constant file. > > >This is still false, just like it was the last time you made this > >claim. > > We only trust a HWRNG and the seed file because only these enter > a non-zero value for entropy. I cannot configure any other source to > do that.
The kernel assumes anything written to /dev/random has full entropy, so you can voluntarily choose to write something to it if you know something the kernel and driver authors don't. If you are satisfied with the samples of interrupt timings and whatnot, you can always persuade the kernel with dd if=/dev/urandom of=/dev/random bs=32 count=1 > Rebooting after writing a seed once: never blocks again, even when > the file wouldn't change. Please see what happens if you try to load a seed file from a read-only medium. For example, boot into single-user mode and issue rndctl -L /var/db/entropy-file without mounting the root file system read/write first. And next time, please take concerns about this to the thread that's _not_ meant to be focussed on a question about public C API choice.
