[Cryptography] RFC possible changes for Linux random device

William Allen Simpson william.allen.simpson at gmail.com
Mon Sep 15 12:55:24 EDT 2014


On 9/14/14 2:06 PM, Bear wrote:
> In my very strong opinion, a requirement for boot-time entropy can
> result only from bad design.  Systems that need boot time entropy
> can need it only because they are doing things at boot time which
> should not be done at boot time, and failure to correct this OS
> design failure is actively harmful to security.
>
Agreed.  Once upon a time, I submitted a patch for Linux to delay
selection of the secret for TCP syncookies, until an actual TCP
packet arrived!  And to change the secret on a regular basis....

David Miller rejected it.  It would really help for Linux to
have more folks who supported (or even understood) security.
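
The idea in the message above (draw the syncookie secret only when the first TCP packet needs it, then change it regularly) can be modelled as follows. This is an added example, not the rejected patch and not the Linux syncookie algorithm: the class name, the 60-second interval, the HMAC-SHA256 construction and the sample flow are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

ROTATE_SECONDS = 60  # assumed rotation interval; the post gives no figure


class LazyCookieSecret:
    """Cookie key that is drawn on first use, never at start-up (hypothetical model)."""

    def __init__(self, rng=os.urandom, rotate_after=ROTATE_SECONDS):
        self._rng = rng
        self._rotate_after = rotate_after
        self._current = None   # nothing is drawn at "boot"
        self._previous = None  # kept one interval so in-flight cookies still verify
        self._born = None
        self.draws = 0         # number of times the RNG was consulted

    def _key(self, now):
        if self._current is None or now - self._born >= self._rotate_after:
            # After two or more idle intervals the old key is too stale to keep.
            stale = self._current is None or now - self._born >= 2 * self._rotate_after
            self._previous = None if stale else self._current
            self._current = self._rng(32)
            self._born = now
            self.draws += 1
        return self._current

    @staticmethod
    def _mac(key, flow, isn):
        # 32-bit tag over the 4-tuple and the client's initial sequence number.
        saddr, sport, daddr, dport = flow
        msg = struct.pack("!4sH4sHI", saddr, sport, daddr, dport, isn)
        return hmac.new(key, msg, hashlib.sha256).digest()[:4]

    def issue(self, flow, isn, now):
        return self._mac(self._key(now), flow, isn)

    def verify(self, flow, isn, cookie, now):
        keys = [self._key(now), self._previous]
        return any(k is not None and hmac.compare_digest(self._mac(k, flow, isn), cookie)
                   for k in keys)


# Constructed sample flow (documentation address ranges), not taken from the post.
FLOW = (bytes([192, 0, 2, 1]), 40000, bytes([198, 51, 100, 7]), 443)
```

The `draws` counter stays at zero until a packet is handled, so the random source is not touched during start-up, when its pool may still be thin.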


