[Cryptography] where shall we put the random-seed?
Jerry Leichter
leichter at lrw.com
Wed Dec 28 17:55:50 EST 2016
So ... I'm a bit puzzled. Early in boot there may not be enough seeding material to get good kernel address randomization. So why not boot without it into a special restricted mode which only allows pre-vetted code to run, gather up some good seed bits - and reboot, passing along the seed bits? Takes a bit longer but if your concerns are at this level you should be willing to accept that.
-- Jerry
More information about the cryptography
mailing list