[Cryptography] Random numbers only once
Theodore Ts'o
tytso at mit.edu
Thu Feb 6 14:22:20 EST 2014
On Thu, Feb 06, 2014 at 09:15:15AM +0000, Darren Moffat wrote:
>
> Given how rarely many server systems reboot and that fact that most
> critical key generation is more likely to be done on the first one
> or two boots afer intial install I think this is pointless anyway.
I agree that for server systems, saving a few hundred bytes of data
from /dev/random and restoring it on reboot is unlikely to help,
but... (a) it's more useful for laptop systems that reboot more often,
and (b) for those virtualization systems that for whatever reason
can't or don't want to support virtio-rng, it's another way for the
host OS to provision randomness to a guest OS at startup. Personally,
I prefer using virtio-rng, but any kind of seeding from the host OS to
the guest OS is a gift horse which I won't complain too much about.
- Ted
More information about the cryptography
mailing list