init.d/urandom : saving random-seed

Guus Sliepen guus at sliepen.org
Sat Jul 31 13:25:50 EDT 2010


On Sat, Jul 31, 2010 at 04:55:18AM -0700, John Denker wrote:

> > 2. How dangerous it is to feed the pool with stale seed data in the next
> >    boot (i.e. in a failure mode where we do not regenerate the seed file) ?
[...]
> Now, to answer the question:  A random-seed file should never be reused.
> Never ever.
> 
> Reusing the random-seed file makes the PRNG very much worse than it would
> otherwise be.  By way of illustration, suppose you are using the computer
> to help you play "battleship" or "go fish" against a ten-year-old opponent.
> If you use the same 'random' numbers after every reboot, the opponent is
> going to notice.  You are going to lose.  In more-demanding situations,
> against an opponent with more skill and more motivation, you are going to
> lose even more miserably.

I do not think replaying a "stale" seed file at boot is any worse than not
replaying that file.  The real issue is how to ensure a fresh seed file.
However, looking at Debian's /etc/init.d/urandom, right after writing the seed
file to /dev/urandom, it immediately creates a new one by reading from the
freshly seeded /dev/urandom again. There is a comment right above that section
in the script: "Hm, why is the saved pool re-created at boot? [pere
2009-09-03]". Of course that is to ensure there is always a fresh seed file,
even if the system crashes and cannot write a new seed file at shutdown time.

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus at debian.org>
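As an added illustration of the boot-time sequence described above (this is example code, not Debian's /etc/init.d/urandom): the saved seed is written into the pool and a replacement seed file is generated from the freshly seeded pool in the same step, so the file on disk is never the one that was just replayed, whether or not the shutdown hook ever runs. The seed path, device path and seed size are assumptions and can be overridden through the environment; the temp-file-and-rename in save_seed is a precaution the mail does not mention.

```shell
#!/bin/sh
# Added example, not the Debian init script. Paths and sizes below are assumptions.
: "${SEED_FILE:=/var/lib/urandom/random-seed}"   # assumed seed file location
: "${POOL_DEV:=/dev/urandom}"                     # device the seed is fed to and read from
: "${SEED_BYTES:=512}"                            # assumed seed size

# Write a fresh seed file from the kernel pool. Writing to a temp file and
# renaming it keeps a crash mid-write from leaving a truncated seed behind;
# mode 600 keeps other local users from reading the future seed.
save_seed() {
    dir=$(dirname "$SEED_FILE")
    mkdir -p "$dir" || return 1
    tmp="$SEED_FILE.tmp.$$"
    ( umask 077 && dd if="$POOL_DEV" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null ) \
        || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$SEED_FILE"
}

# Boot: feed the saved seed into the pool, then immediately replace the file,
# so the same seed is never replayed on a later boot even if shutdown never runs.
urandom_start() {
    if [ -f "$SEED_FILE" ]; then
        cat "$SEED_FILE" > "$POOL_DEV" 2>/dev/null \
            || echo "urandom: could not write seed to $POOL_DEV" >&2
    else
        echo "urandom: no seed file at $SEED_FILE, pool not seeded from disk" >&2
    fi
    save_seed
}

# Shutdown: save a seed carrying the entropy gathered while the system ran.
urandom_stop() {
    save_seed
}

# Returns 0 if the two files differ; used to confirm the seed was regenerated.
seed_changed() {
    ! cmp -s "$1" "$2"
}

case "${1:-}" in
    start) urandom_start ;;
    stop)  urandom_stop ;;
esac
```

Run it as `sh urandom-seed.sh start` from the boot sequence and `sh urandom-seed.sh stop` at shutdown. Note that writing to /dev/urandom mixes the bytes into the pool but does not increase the kernel's entropy estimate; the script here does not claim any credit for the seed.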