On Fri, 30 Mar 2012, Steve Grubb wrote:
Something else I'd like to mention is that during system installation there is very little system entropy. There is no saved seed to prime the generators with. (LiveCDs have the same problem.) I have a feeling that the randomness of the numbers is not what you would expect.
Exactly. This is why daemons generating keys (opensshd, sendmail, openswan) generate their keys on "first start" and not on "install".
entropy. But if you don't have a mouse and are doing a text or kickstart install, you need to find a way to get keystrokes involved. If you can think of a key that has no effect on any questions in the install, hit it a bunch of times. If you have a kickstart, put something in the script requiring typing a bunch of keystrokes and throw them away.
Or if it is a net install, you can try and ping (-f) the machine for a little while and see if the network card or interrupts give you entropy. Though that does not seem to be the case for virtual network adaptors.

It's sad that even old cheap VIA CPUs have such a strong random device, that's fully supported with Linux, but that Intel and AMD still haven't caught up yet. My 3 week old Intel CPU still seems to be lacking support for anything (like intel-rng.ko). A few years ago, I had a server that supported the intel-rng driver, and rngd kept dropping zeroes and logging warnings. I've never ever gotten a single warning from a VIA CPU.

Paul
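The "generate on first start, not on install" pattern discussed in this thread, combined with a check of the kernel's entropy estimate, can be sketched as follows. This is an added example, not code from the thread or from any of the daemons named; the threshold, retry settings, function names and key path are assumptions, and the generator command is supplied by the caller.

```shell
#!/bin/sh
# Added example: gate first-start key generation on the kernel entropy estimate.
# ENTROPY_FILE is the Linux procfs entropy estimate; MIN_BITS, ENTROPY_TRIES
# and ENTROPY_DELAY are assumed values chosen for illustration.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_BITS="${MIN_BITS:-256}"
ENTROPY_TRIES="${ENTROPY_TRIES:-5}"
ENTROPY_DELAY="${ENTROPY_DELAY:-1}"

# Returns 0 when the estimate is at least MIN_BITS, 1 when it is lower,
# and 2 when no usable estimate can be read.
entropy_ready() {
    [ -r "$ENTROPY_FILE" ] || return 2
    bits=$(cat "$ENTROPY_FILE") || return 2
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac   # reject non-numeric content
    [ "$bits" -ge "$MIN_BITS" ]
}

# Poll the estimate a bounded number of times; fail instead of proceeding
# with a starved pool (the install-time / LiveCD situation).
wait_for_entropy() {
    tries=$ENTROPY_TRIES
    while [ "$tries" -gt 0 ]; do
        entropy_ready && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep "$ENTROPY_DELAY"
    done
    return 1
}

# first_start_keygen KEYFILE COMMAND [ARGS...]
# Runs COMMAND only if KEYFILE does not exist yet and entropy is sufficient.
first_start_keygen() {
    keyfile=$1; shift
    [ -s "$keyfile" ] && return 0                   # key from an earlier start
    if ! wait_for_entropy; then
        echo "refusing to generate $keyfile: entropy estimate too low" >&2
        return 1
    fi
    ( umask 077; "$@" )                             # key file not world-readable
}

# Usage from a service start script (path is a placeholder):
#   first_start_keygen /etc/example/host_key ssh-keygen -q -t rsa -N '' -f /etc/example/host_key
```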