[Cryptography] randomness +- entropy
Bear
bear at sonic.net
Tue Nov 12 18:11:06 EST 2013

On Tue, 2013-11-12 at 18:23 +1000, James A. Donald wrote:
> On 2013-11-12 16:44, John Denker wrote:
> > The fact is, there are some applications that cannot make do with
> > low-quality randomness *and* cannot afford to wait.
>
> I don't think so.
>
> I think this is a configuration bug. By the time you have completed the
> boot process, you have accumulated lots of entropy, and there is no
> cryptographic application so urgent it cannot wait for the boot process
> to complete.
>
> However, some idiot puts a process needing true randomness early in the
> boot process for no good reason.
>
> A process needing true randomness should fail by design in such case.

I'm inclined to agree. IMO the kernel ought to simply terminate any
process that attempts to read /dev/random before the boot process is
complete.
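
The following is an added example, not part of the original message or thread. It sketches the "fail by design" behaviour in userspace using Linux's getrandom(2), a system call that postdates this thread (Linux 3.17); with GRND_NONBLOCK it returns EAGAIN while the kernel pool is still uninitialised. The names `seed_or_fail`, `seed_status` and `early_boot_stub` are hypothetical, and the stub is constructed to imitate the early-boot condition.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Same signature as getrandom(2), so a stub can stand in for it. */
typedef ssize_t (*rand_fn)(void *buf, size_t len, unsigned int flags);

enum seed_status { SEED_OK = 0, SEED_NOT_READY = -1, SEED_ERROR = -2 };

/* Fill buf completely from an initialised pool, or fail.
 * Never blocks and never hands back partial output. */
static enum seed_status seed_or_fail(rand_fn src, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = src(buf + got, len - got, GRND_NONBLOCK);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        memset(buf, 0, len);                     /* discard partial output */
        return (n < 0 && errno == EAGAIN) ? SEED_NOT_READY : SEED_ERROR;
    }
    return SEED_OK;
}

/* Constructed stub: behaves like getrandom() before the pool is ready. */
static ssize_t early_boot_stub(void *buf, size_t len, unsigned int flags)
{
    (void)buf; (void)len; (void)flags;
    errno = EAGAIN;
    return -1;
}

int main(void)
{
    unsigned char key[32];
    /* Simulated early boot: the caller must refuse to continue. */
    if (seed_or_fail(early_boot_stub, key, sizeof key) == SEED_NOT_READY)
        fprintf(stderr, "stub: RNG not ready, refusing to generate key\n");
    /* Real kernel source: exit non-zero rather than use weak randomness. */
    if (seed_or_fail(getrandom, key, sizeof key) != SEED_OK) {
        fprintf(stderr, "kernel RNG not ready, aborting\n");
        return 1;
    }
    puts("32 bytes obtained from an initialised pool");
    return 0;
}
```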