On Fri, Nov 02, 2018 at 01:24:25AM +0100, Kurt Roeckx wrote:
> Anyway, on my laptop I get:
> [ 12.675935] random: crng init done
>
> If the TPM is enabled, I also have an /etc/hwrng, but rng-tools is
> started later after the init is done.
>
> On my desktop (with a chaos key attached)
> [
On Thu, Nov 01, 2018 at 07:50:35PM -0400, Theodore Y. Ts'o wrote:
> On Thu, Nov 01, 2018 at 11:18:14PM +0100, Sebastian Andrzej Siewior wrote:
> > Okay. So you wrote what can be done for a system with HW-RNG/kvm. On
> > bare metal with nothing fancy I have:
> > [3.544985] systemd[1]: systemd
On 2018-10-31 18:41:06 [-0400], Theodore Y. Ts'o wrote:
> On Wed, Oct 31, 2018 at 11:21:59AM +, Sebastian Andrzej Siewior wrote:
> > On October 30, 2018 8:51:36 PM UTC, "Theodore Y. Ts'o"
> > wrote:
> > >
> > >So it's complicated. It's not a binary trusted/untrusted sort of
> > >thing.
>
On Wed, Oct 31, 2018 at 11:21:59AM +, Sebastian Andrzej Siewior wrote:
> On October 30, 2018 8:51:36 PM UTC, "Theodore Y. Ts'o" wrote:
> >
> >So it's complicated. It's not a binary trusted/untrusted sort of
> >thing.
>
> What about RNDRESEEDCRNG? Would it be reasonable to issue it after
On October 30, 2018 8:51:36 PM UTC, "Theodore Y. Ts'o" wrote:
>
>So it's complicated. It's not a binary trusted/untrusted sort of
>thing.
What about RNDRESEEDCRNG? Would it be reasonable to issue it after writing the
seed as part of the boot process?
>Cheers,
>
>
On Tue, Oct 30, 2018 at 07:37:23PM +0100, Kurt Roeckx wrote:
>
> So are you saying that the /var/lib/random/seed is untrusted, and
> should never be used, and we should always wait for fresh entropy?
>
> Anyway, I think if an attacker somehow has access to that file,
> you have much more serious
On Tue, Oct 30, 2018 at 01:18:08AM +0100, Sebastian Andrzej Siewior wrote:
> Using ioctl(/dev/urandom, RNDADDENTROPY, ) instead of writing to
> /dev/urandom would do the trick. Or using RNDADDTOENTCNT to increment
> the entropy count after it was written. Those two are documented in
> random(4). Or
On 2018-10-29 23:33:34 [+0100], Kurt Roeckx wrote:
> On Mon, Oct 29, 2018 at 09:58:20PM +0100, Sebastian Andrzej Siewior wrote:
> > On 2018-10-29 18:22:08 [+0100], Kurt Roeckx wrote:
> > > So I believe this is not an openssl issue, but something in the
> > > order that the kernel's RNG is
On 2018-10-29 18:22:08 [+0100], Kurt Roeckx wrote:
> So I believe this is not an openssl issue, but something in the
> order that the kernel's RNG is initialized and openssh is started.
> Potentially the RNG isn't initialized at all and you actually
> have to wait for the kernel to get its
reassign -1 openssl 1.1.1-1
On Mon, 29 Oct 2018 18:22:08 +0100 Kurt Roeckx wrote:
> reassign 912087 openssh-server,systemd
> thanks
>
> On Mon, Oct 29, 2018 at 08:38:15AM +0100, Kurt Roeckx wrote:
> > On Mon, Oct 29, 2018 at 12:28:15AM +, Colin Watson wrote:
> > > Reassigning to OpenSSL -