On Thu, Jul 17, 2014 at 04:43:40PM -0400, Theodore Ts'o wrote:
> So in practice, the fact that we block at system init time shouldn't
> be a hardship for LibreSSL in most cases --- and in the case where you
> are running on an embedded system where there are barely any devices,
> no cycle counter, and nothing that produces enough interrupts to
> initialize the pool, what would you prefer that we do? Return data
> that might not be fully "seed grade entropy"?
>
> If you are determined to get data from a not fully initialized
> entropy pool, then you can open /dev/urandom and get it via the old
> interface.

That sounds reasonable. Maybe a slightly edited version of this writeup could be dropped in the man page to give people context?

> (The fact that most systems try to create OpenSSH's host keys as the
> first thing after an out-of-the-Box first boot situation is something
> I've always considered Crazy-Eddie Bat-Shit Insane....)

(Seriously. My atrophied sysadmin muscles still cringe at that.)

- z
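An added example, not part of the original message or of any patch in this thread: how a key generator can respect the "block until the pool is initialized" behaviour discussed above, and probe for the uninitialized state without blocking. It assumes the new interface under discussion is getrandom(2) as later merged, called through the glibc wrapper in `<sys/random.h>`; the function names `pool_is_initialized` and `seed_grade_bytes` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(), GRND_NONBLOCK (glibc >= 2.25) */

/* Probe without blocking: 1 = pool initialized, 0 = not yet (a plain
 * getrandom() call would block), -1 = interface unavailable or failed. */
int pool_is_initialized(void)
{
    unsigned char probe;
    for (;;) {
        ssize_t n = getrandom(&probe, 1, GRND_NONBLOCK);
        if (n == 1)
            return 1;
        if (n < 0 && errno == EAGAIN)
            return 0;            /* early boot: pool not seeded yet */
        if (n < 0 && errno == EINTR)
            continue;            /* interrupted by a signal, retry */
        return -1;               /* e.g. ENOSYS on an older kernel */
    }
}

/* Fill buf with len bytes, blocking until the pool has been initialized.
 * Handles short reads and EINTR. Returns 0 on success, -1 on error. */
int seed_grade_bytes(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);   /* flags 0: wait for init */
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char seed[32];      /* e.g. seed material for a host key */
    if (pool_is_initialized() == 0)
        fprintf(stderr, "pool not initialized yet; key generation will wait\n");
    if (seed_grade_bytes(seed, sizeof seed) != 0) {
        perror("getrandom");
        return 1;
    }
    puts("got 32 bytes from an initialized pool");
    return 0;
}
```

A first-boot host-key job written this way waits for the pool instead of reading /dev/urandom before it has been seeded.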