Mystery solved. Because there were concerns about entropy availability on many systems, particularly servers, a new method of seeding the PRNG was implemented. It is called ChaCha20, a variation of Salsa20.

https://en.wikipedia.org/wiki/Salsa20

Here is some discussion of the change:

https://lwn.net/Articles/686033/
https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.8-dev-random

From comment in random.c:

+ * Get a random word for internal kernel use only. The quality of the random + * number is either as good as RDRAND or as good as /dev/urandom, with the + * goal of being quite fast and not depleting entropy.

So, this is a compromise, which protects those systems without access to plentiful entropy, at the expense of those systems which do have such access.

I think they should have left this as a configuration option for the kernel, so those who had systems with plenty of entropy could continue using it to strengthen the output of the PRNG in the kernel. I suppose they thought that maintaining dual code was too problematic. But I think there would be very little maintenance of either of these code branches, barring drastic revelations about their security.
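
Review bot: in the quoted random.c comment, "either as good as RDRAND or as good as /dev/urandom" does not say what decides between the two, so a reader cannot tell which quality level holds on a machine without RDRAND. Suggest the comment name the condition under which each source is used, and state what "internal kernel use only" rules out for callers.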