On Thursday, 21 April 2016, 15:03:37, Nikos Mavrogiannopoulos wrote:

Hi Nikos,

> > [quote from pdf]
> > > ... DRBG is “minimally” seeded with 112^6 bits of entropy.
> > This is commonly achieved even before user space is initiated.
>
> Unfortunately one of the issues of the /dev/urandom interface is the
> fact that it may start providing random numbers even before the
> seeding is complete. From the above quote, I understand that this
> issue is not addressed by the new interface. That's a serious
> limitation (of the current and inherited by the new implementation),
> since most/all newly deployed systems from "cloud" images generate
> keys using /dev/urandom (for sshd for example) on boot, and it is
> unknown to these applications whether they operate with uninitialized
> seed.

One more item to consider: If you do not want to change to use getrandom(2), the LRNG provides you with another means. You may use the /proc/sys/kernel/random/drbg_minimally_seeded or drbg_fully_seeded booleans. If you poll on those, you will obtain the indication whether the secondary DRBG feeding /dev/random is seeded with 112 bits (drbg_minimally_seeded) or 256 bits (drbg_fully_seeded). Those two booleans are exported for exactly that purpose: allow user space to know about initial seeding status of the LRNG.

Ciao
Stephan
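An added example, not part of the original message or of the LRNG patch set: a boot-script gate that re-reads the two booleans named above until the DRBG reports seeded, for use before first-boot key generation. The function names, the `LRNG_DIR` override, the one-second re-read interval and the return codes are assumptions of this example.

```sh
#!/bin/sh
# Gate for boot-time key generation: wait until the LRNG reports seeding.
# Only the two file names come from the message above; function names,
# LRNG_DIR, the re-read interval and the return codes are assumed here.

LRNG_DIR="${LRNG_DIR:-/proc/sys/kernel/random}"

# lrng_seed_state FILE -> prints "seeded", "unseeded" or "unsupported"
lrng_seed_state() {
    if [ ! -r "$1" ]; then
        echo unsupported          # kernel does not export this boolean
        return 0
    fi
    val=
    read -r val < "$1" || :       # boolean is expected to read as 0 or 1
    case "$val" in
        1) echo seeded ;;
        0) echo unseeded ;;
        *) echo unsupported ;;    # unexpected content: do not trust it
    esac
}

# wait_lrng_seeded LEVEL TIMEOUT_SECONDS
# LEVEL is "minimally" (112 bits) or "fully" (256 bits).
# Returns 0 once seeded, 1 on timeout, 2 if the interface is absent,
# 64 on a bad LEVEL argument.
wait_lrng_seeded() {
    level="$1"; timeout="$2"
    case "$level" in
        minimally|fully) ;;
        *) echo "unknown level: $level" >&2; return 64 ;;
    esac
    file="$LRNG_DIR/drbg_${level}_seeded"
    waited=0
    while :; do
        case "$(lrng_seed_state "$file")" in
            seeded) return 0 ;;
            unsupported) return 2 ;;
        esac
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Typical use in a first-boot script:
#   wait_lrng_seeded fully 60 && ssh-keygen -A
```

A return code of 2 means the booleans are not exported by the running kernel, in which case the caller should rely on getrandom(2) instead of proceeding unguarded.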