[Cryptography] Entropy Needed for SSH Keys?
Jason Cooper
cryptography at lakedaemon.net
Mon May 23 15:52:07 EDT 2016
Hi Ray,
On Mon, May 23, 2016 at 11:09:46AM -0700, Ray Dillinger wrote:
...
> But, honestly, I sincerely question the idea that you need random
> numbers "early" in the boot process.
The caveat here is kernel ASLR. The address space is set up when the
decompressor is run. It either needs an architecture-specific function
like RDRAND/RDSEED, or to be handed a seed by the bootloader.
There's also the whole suite of kernel self-protection mechanisms like
stack canaries and so on.
thx,
Jason.