
Fixing getrandom()


Posted Sep 27, 2019 18:37 UTC (Fri) by cesarb (subscriber, #6266)
Parent article: Fixing getrandom()

> In order for the generation of keys to fail under that scheme, he said, they would have to be generated at boot on idle machines that are not doing anything that would allow entropy to be collected.

Isn't "idle machines that are not doing anything else" exactly the situation in the first boot of a newly-installed distribution, which is when the long-term ssh host keys (which do need strong random numbers) are usually generated?



Fixing getrandom()

Posted Oct 4, 2019 7:14 UTC (Fri) by kmeyer (subscriber, #50720)

1. The installation process generates a lot of IO, sufficient to seed the CSPRNG. It should emit a seed that can be used by the next boot (much like any other reboot entropy save).
2. Optionally, the installer can also generate and write out sshd host keys. There's not a lot of reason to wait until first boot for that.

Fixing getrandom()

Posted Oct 4, 2019 11:36 UTC (Fri) by Jandar (subscriber, #85683)

The devices in question aren't installed individually. One image of a single install is put on thousands or millions of them, so generating host keys at installation time is the worst thing to do.

