[Cryptography] initializing kernel PRNG much much sooner on Ubuntu (upstart)
Yaron Sheffer
yaronf.ietf at gmail.com
Mon Nov 4 01:42:21 EST 2013
>
> I took a stab at translating the thing.
> http://www.av8n.com/cgit/cgit.cgi/init-urandom/
>
> This is first-draft code that has been thought about for maybe 5 minutes
> total, but it's better than nothing. It seeds the PRNG much, much sooner.
> It makes the ssh server dependent on the "urandom" event (although this
> is now in the category of belt-and-suspenders).
>
> I am under no illusions that the seed file is getting loaded early /enough/
> in absolute terms. It is, however, a whole lot earlier in relative terms.
> The new data is tabulated here, along with more discussion:
> http://www.av8n.com/computer/htm/secure-prng.htm#sec-discuss
>
> Comments? Suggestions? Better ideas?
>
You write: "The device might have a fixed address, or some other reason
for not doing DHCP at all."
A fixed address does not preclude requesting other parameters by using
DHCP. This is commonly done, with the DHCPINFORM message:
http://tools.ietf.org/html/rfc2131#section-3.4
Thanks,
Yaron