
Fixing getrandom()


Posted Sep 28, 2019 6:00 UTC (Sat) by alonz (subscriber, #815)
In reply to: Fixing getrandom() by ncm
Parent article: Fixing getrandom()

The actual scarce resource (in my opinion 😏) is random data that can be trusted by a truly-paranoid person. (Whether the paranoia is justified or not is a different question; I would expect the smart paranoid to use a hardware RNG, not trust the off-the-shelf randomness from a general-purpose computer + OS).

For most uses, a simple userspace solution that runs very early in the boot sequence and credits some environment noise as entropy should be sufficient. This would solve even the “initial SSHD seed” concerns — however it is easily broken by distributors / packagers who might remove it in the name of “faster boot”.




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds