[systemd-devel] Why we need to read/save random seed?

[Lennart Poettering]

On Mon, 15.06.15 23:33, cee1 (fykcee1 at gmail.com) wrote:

> Hi,
> 
> I maybe got confused.
> 
> First, systemd-random-seed.service will save a "seed" from
> /dev/urandom when shutdown, and load that "seed" to /dev/urandom when
> next boot up.
> 
> My questions are:
> 1. Can we not save a seed, but load a seed that is read from **
> /dev/random ** to ** /dev/urandom **?

The seed is used for both. Then you'd feed the stuff you got from the
RNG back into the RNG which is a pointless excercise.

> 2. Saving a seed on disk, and someone reads the content of it later,
> will this make the "urandom" predictable?

Well, it will always be mixed with whatever else is there, so
hopefully not. Also, the seed file is not readable by non-root, so it
should hopefully not leak.

The seed stuff can never make things worse, it can only make things
ebtter.

> Talking about /dev/random, it consumes an internal entropy pool, some
> system events(disk reading/page fault, etc) enlarges this pool, am I
> right?

Well, yeah, but if you want to know systemd is probably not the right
source of information for that. LWN had a couple of stories about this
however.

> And write to /dev/random will mix the input data into the pool, but
> not enlarge it, right?  What benefits can it get when only mix data
> but not enlarge the entropy pool?

Well, it's one thing to hand out randomness, it's another thing to
claim it was any good. Even though the seeding doesn't make the kernel
pretend it was good, it is still added to the randomness, hence should
generally be better than what was before, and in the worst case as
good, but never worse.

> 3.16+ will mix data from HWRNG, does it also enlarges the entropy pool?

That's probably something to ask in some kernel forum...

Lennart

-- 
Lennart Poettering, Red Hat