init.d/urandom : saving random-seed

Jerry Leichter leichter at
Sun Aug 1 00:00:39 EDT 2010

On the question of what to do if we can't be sure the saved seed file  
might be reused:  Stir in the date and time and anything else that  
might vary - even if it's readily guessable/detectable - along with  
the seed file.  This adds minimal entropy, but detecting that a seed  
file has been re-used will be quite challenging.  A directed attack  
can probably succeed, but if you consider the case of a large number  
of nodes that reboot here and there and that, at random and not too  
often, re-use a seed file, then detecting those reboots with stale  
seed files seems like a rather hard problem.  (Detecting them  
*quickly* will be even harder, so active attacks - as opposed to  
passive attacks that can be made on recorded data - will probably be  
out of the question.)

I wouldn't recommend this for high-value security, but then if you're  
dealing with high-value information, there's really no excuse for not  
having and using a source of true random bits.
                                                         -- Jerry
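One way to implement the stir-in described above, as an added example that is not code from the original post or from any init.d/urandom script; the per-boot inputs (clock, hostname, pid) and the HMAC-SHA256 construction are this example's own assumptions:

```python
import hashlib
import hmac
import os
import socket
import time
from typing import List


def stir_seed(seed_file_bytes: bytes, varying: List[bytes]) -> bytes:
    """Mix the saved seed with whatever varies from boot to boot.

    The seed file is the HMAC key; each varying item is length-prefixed so
    that ["ab", "c"] and ["a", "bc"] cannot collide.  This adds no real
    entropy: anyone who holds the stale seed and can guess the varying
    inputs reproduces the same output (the "directed attack" caveat).
    """
    mac = hmac.new(seed_file_bytes, digestmod=hashlib.sha256)
    for item in varying:
        mac.update(len(item).to_bytes(4, "big"))
        mac.update(item)
    return mac.digest()


def boot_context(now: float, hostname: str, pid: int) -> List[bytes]:
    """Per-boot material this example assumes is readable at init time."""
    return [repr(now).encode(), hostname.encode(), str(pid).encode()]


def live_boot_context() -> List[bytes]:
    """The same material taken from the running host (assumed sources)."""
    return boot_context(time.time(), socket.gethostname(), os.getpid())


def stale_seed_reuse_differs(seed: bytes) -> bool:
    """Two boots that reuse one stale seed at different times diverge."""
    first = stir_seed(seed, boot_context(1280635239.0, "node1", 17))
    second = stir_seed(seed, boot_context(1280721639.0, "node1", 17))
    return first != second


if __name__ == "__main__":
    # Constructed stand-in for /var/lib/urandom/random-seed.
    stale = bytes(range(64))
    print("reused seed diverges:", stale_seed_reuse_differs(stale))
    print("mixed seed:", stir_seed(stale, live_boot_context()).hex())
```

The mixed value is what would be written to /dev/urandom; the stale file itself still has to be replaced with fresh output as soon as it has been read.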

The Cryptography Mailing List