[Cryptography] [RNG] on RNGs, VM state, rollback, etc.
James A. Donald
jamesd at echeque.com
Sat Oct 19 00:11:17 EDT 2013
On 2013-10-19 09:08, Nico Williams wrote:
> The problem is that many apps expect /dev/urandom never to block. This
> is a severe problem if such an app is invoked early in boot and blocks
> the rest of the bootup procedure.

If an app expects urandom never to block, and itself blocks bootup, that
app is broken, because it is doing something that requires or purports
to provide cryptographic security, which it will not get.

The cure is to remove the app from the bootup process, rather than
employ an app providing security theater.

The app will probably run fine if launched at a later stage in the
process. If not, it needs rewriting.
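
An added example, not part of the original post: one way a boot-time program on Linux can detect an uninitialized kernel pool and defer instead of blocking or proceeding with weak output. It assumes `getrandom()` from glibc 2.25 or later (an interface that postdates this thread); the `seed_status` codes, the function names and the exit-code convention are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>   /* getrandom(), GRND_NONBLOCK */
#include <sys/types.h>

/* Hypothetical result codes for this example. */
enum seed_status { SEED_OK = 0, SEED_NOT_READY = 1, SEED_ERROR = 2 };

/* Map one getrandom() result to a decision. Kept separate so the logic
 * can be checked without an unseeded kernel at hand. */
enum seed_status classify_getrandom(ssize_t n, size_t want, int err)
{
    if (n >= 0)
        return (size_t)n == want ? SEED_OK : SEED_ERROR; /* short read: reject */
    if (err == EAGAIN)
        return SEED_NOT_READY;  /* kernel pool not yet initialized */
    return SEED_ERROR;          /* ENOSYS, EFAULT, ...: fail closed */
}

/* Fill buf with key material, or report why not. Never blocks. */
enum seed_status key_material(unsigned char *buf, size_t len)
{
    ssize_t n;
    do {
        n = getrandom(buf, len, GRND_NONBLOCK);
    } while (n < 0 && errno == EINTR);
    return classify_getrandom(n, len, errno);
}

int main(void)
{
    unsigned char key[32];
    switch (key_material(key, sizeof key)) {
    case SEED_OK:
        puts("pool initialized: safe to generate keys");
        return 0;
    case SEED_NOT_READY:
        /* Assumed convention: exit 75 (EX_TEMPFAIL) so a supervisor retries later. */
        fputs("entropy pool not initialized; deferring\n", stderr);
        return 75;
    default:
        perror("getrandom");
        return 1;
    }
}
```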