[systemd-devel] Why we need to read/save random seed?

Wed Jun 17 07:03:37 PDT 2015

On Wed, 17.06.15 20:21, cee1 (fykcee1 at gmail.com) wrote:

> 2015-06-17 16:40 GMT+08:00 Reindl Harald <h.reindl at thelounge.net>:
> >
> > Am 17.06.2015 um 05:06 schrieb cee1:
> >>
> >> 2015-06-16 0:21 GMT+08:00 Lennart Poettering <lennart at poettering.net>:
> >>>
> >>> On Mon, 15.06.15 23:33, cee1 (fykcee1 at gmail.com) wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> I maybe got confused.
> >>>>
> >>>> First, systemd-random-seed.service will save a "seed" from
> >>>> /dev/urandom when shutdown, and load that "seed" to /dev/urandom when
> >>>> next boot up.
> >>>>
> >>>> My questions are:
> >>>> 1. Can we not save a seed, but load a seed that is read from **
> >>>> /dev/random ** to ** /dev/urandom **?
> >>>
> >>>
> >>> The seed is used for both. Then you'd feed the stuff you got from the
> >>> RNG back into the RNG which is a pointless excercise.
> >>
> >>
> >> systemd-random-seed.service will load the "seed on disk" to
> >> /dev/urandom, and save a "seed" to disk when shutdown, right?
> >>
> >> The article at http://www.2uo.de/myths-about-urandom/ suggests us
> >> saving the seed as soon as there is enough entropy(means read from
> >> /dev/random? if returns, there's enough entropy),
> >
> >
> > well, so you read the seed and inject it to /dev/random followed by read
> > /dev/random and overwrite the seed for the next boot - don't sounds that
> > good
> 
> What I means is:
> 1. Load a saved seed to /dev/urandom.
> 2. The service read /dev/random, which will block until kernel thinks
> there's enough entropy - then the Random Number should be good?
> 3. Save the random number returned in step 2 on disk.

Blocking at boot for this doesn't really sound like an option. But the
kernel does not provide us with any nice notifications about when the
RNG pool is complete. If we want to do this kind of polishing, then
that'd be great, but we'd need sane notifiers for that, blocking
syscalls are not an option.

Lennart

-- 
Lennart Poettering, Red Hat