On 23/03/2022 03.50, Jason A. Donenfeld wrote:

> - Since these seeding shell scripts have always been broken, because
>   this is how the rng has always been, rather than trying to bolt on a
>   very imperfect fix in the kernel for something that never worked
>   right, we could suggest shell scripts take the path that I implemented
>   for systemd:
>   https://github.com/systemd/systemd/commit/da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b
>   In shell, this would look like:
>
>   #!/bin/bash
>   cat seedfile > /dev/urandom
>   { cat seedfile; head -c 32 /dev/urandom; } | sha256sum | cut -d ' ' -f 1 > seedfile

Maybe stating the obvious, but in the interest of preventing
proliferation of more broken shell scripts: The tail of the above should
be spelled

  ... > seedfile.tmp && mv seedfile.tmp seedfile

or seedfile would be truncated before cat had a chance to read it.

Rasmus
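
The temp-file-and-rename form from the reply above, written out as a function. This is an added example, not code from either e-mail or from systemd; the name `reseed`, its arguments and the output check are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the thread). reseed() and its arguments are
# hypothetical names; the device defaults to /dev/urandom.

# reseed SEEDFILE [RNG_DEVICE]
# Feed the stored seed to the RNG, then replace the seed file with
# sha256(old seed || 32 fresh bytes) without truncating it in place.
# The body is a subshell, so its variables do not leak to the caller.
reseed() (
    seed="$1"
    dev="${2:-/dev/urandom}"

    [ -s "$seed" ] || { echo "reseed: $seed missing or empty" >&2; return 1; }

    # Mix the old seed into the pool.
    cat "$seed" > "$dev" || return 1

    # Temp file next to the seed file, so the final mv is a rename within
    # one filesystem. mktemp creates the file with mode 0600.
    tmp="$(mktemp "${seed}.XXXXXX")" || return 1

    # The redirection target is the temp file, so "cat $seed" sees the old
    # contents regardless of when the shell opens the output.
    { cat "$seed"; head -c 32 "$dev"; } | sha256sum | cut -d ' ' -f 1 > "$tmp"

    # The pipeline's exit status is only that of cut, so check the result
    # itself: exactly 64 lowercase hex digits, otherwise keep the old seed.
    new="$(cat "$tmp")"
    case "$new" in
        *[!0-9a-f]*) new="" ;;
    esac
    if [ "${#new}" -ne 64 ]; then
        rm -f "$tmp"
        echo "reseed: hashing failed, $seed left unchanged" >&2
        return 1
    fi

    mv "$tmp" "$seed"
)
```

If the script is interrupted between the hash and the `mv`, the old seed file is still intact and only a stray temp file is left behind.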