[systemd-devel] Why we need to read/save random seed?

Lennart Poettering lennart at poettering.net
Wed Jun 17 09:02:10 PDT 2015


On Thu, 18.06.15 00:00, cee1 (fykcee1 at gmail.com) wrote:

> First it seeds /dev/urandom
> Second, seed /dev/random will not increase the entropy without using
> ioctl (please see
> https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg32555.html)
> 
> Though, some other services may read /dev/random, and the suggested
> logic may exhaust the very little entropy, hence blocks "those other
> services"?
> 
> May use getrandom (as mentioned in http://www.2uo.de/myths-about-urandom):
> """
> This syscall does the right thing: blocking until it has gathered
> enough initial entropy, and never blocking after point.
> """

We already make use of getrandom() elsewhere, hence it's OK to
use. However, given how new the call is there should be a fallback to
/dev/random in place, even if that makes us lose the entropy...

Lennart

-- 
Lennart Poettering, Red Hat
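
The fallback described in the reply above, as an added example (not part of the original message and not systemd's code): prefer getrandom(), and read /dev/random only when the kernel lacks the syscall. The helper name `acquire_random_bytes` is hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>

/* Hypothetical helper (illustration only): fill buf with n random bytes.
 * Prefers getrandom(), which blocks only until the kernel pool has been
 * initialized once. On kernels without the syscall (ENOSYS) it falls back
 * to reading /dev/random, which may block and consumes pool entropy.
 * Returns 0 on success, -errno on failure. */
int acquire_random_bytes(void *buf, size_t n) {
    unsigned char *p = buf;
    size_t done = 0;
    int fd = -1;              /* stays -1 while getrandom() is usable */

    while (done < n) {
        ssize_t r;
#ifdef SYS_getrandom
        if (fd < 0) {
            r = syscall(SYS_getrandom, p + done, n - done, 0);
            if (r < 0 && errno == EINTR)
                continue;                 /* interrupted, retry */
            if (r < 0 && errno != ENOSYS)
                return -errno;            /* real failure, do not mask it */
            if (r >= 0) { done += (size_t) r; continue; }
        }                                 /* ENOSYS: fall through to device */
#endif
        if (fd < 0) {
            fd = open("/dev/random", O_RDONLY | O_CLOEXEC | O_NOCTTY);
            if (fd < 0)
                return -errno;
        }
        r = read(fd, p + done, n - done); /* short reads are normal here */
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0) {
            int e = r < 0 ? errno : EIO;  /* save errno before close() */
            close(fd);
            return -e;
        }
        done += (size_t) r;
    }
    if (fd >= 0)
        close(fd);
    return 0;
}
```

The fallback is taken only on ENOSYS; any other getrandom() error is returned to the caller rather than silently switching sources.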

