[Cryptography] RFC possible changes for Linux random device
William Allen Simpson
william.allen.simpson at gmail.com
Mon Sep 15 12:55:24 EDT 2014
On 9/14/14 2:06 PM, Bear wrote:
> In my very strong opinion, a requirement for boot-time entropy can
> result only from bad design. Systems that need boot time entropy
> can need it only because they are doing things at boot time which
> should not be done at boot time, and failure to correct this OS
> design failure is actively harmful to security.
>
Agreed. Once upon a time, I submitted a patch for Linux to delay
selection of the secret for TCP syncookies, until an actual TCP
packet arrived! And to change the secret on a regular basis....
David Miller rejected it. It would really help for Linux to
have more folks who supported (or even understood) security.
More information about the cryptography
mailing list