|IIRC writing to /dev/urandom doesn't do what you want it to do.
|You have to use an ioctl() to actually set entropy.

And that is the sad point about it.
Kernel hackers should stand up to allow it again!

 As Ted Ts'o said[1], and Donenfeld agreed[2], the problem is that
any user can write to /dev/urandom, including malicious users, so
you cannot credit what they write.

 I tend to trust people who do the work rather than those who stand on
cardboard boxes.
 Still, since it's related to boot sequence things and I want to be a
reliable source on boot sequences, I actually studied the thing when
it came up, and understood the issue enough to come up with my own
conclusion - and my own conclusion is still that the person who did the
work, i.e. Jason, is right about this.

 I'm sorry. I like the idea of writing stuff to /dev/urandom and having
it count, too. It's just not a good idea for security. That's just the
way it is. And it would be nice if all the work and ink that already
went into it, including mine, could actually be useful to all the people
who don't care about any of this and just want their systems to work
and be secure - so it would be nice if disinformation and bad ideas
stopped being spread.

[1]: https://lwn.net/ml/linux-kernel/yjqvemckzcu1p...@mit.edu/
[2]: https://lwn.net/ml/linux-kernel/yjqbcqbyhcopg...@zx2c4.com/

--
 Laurent

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
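
The two paths discussed in the message above, as an added example that is not part of the original e-mail or of any project's code: a plain write() to /dev/urandom, which any user may do and which earns no entropy credit, next to the privileged RNDADDENTROPY ioctl, which does credit. The function names are hypothetical; the struct and ioctl number come from `<linux/random.h>`.

```c
#include <fcntl.h>
#include <linux/random.h>  /* struct rand_pool_info, RNDADDENTROPY */
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Build the RNDADDENTROPY argument: entropy_count is in bits, buf_size in
 * bytes, then the seed. Refuses to claim more bits than were supplied. */
struct rand_pool_info *make_pool_info(const void *seed, int len, int bits)
{
    if (len <= 0 || bits < 0 || (long long)bits > (long long)len * 8)
        return NULL;
    struct rand_pool_info *info = calloc(1, sizeof(*info) + (size_t)len);
    if (!info)
        return NULL;
    info->entropy_count = bits;
    info->buf_size = len;
    memcpy(info->buf, seed, (size_t)len);
    return info;
}

/* Path 1: plain write(). Open to any user; the bytes are mixed into the
 * pool but the kernel credits no entropy for them. */
int mix_uncredited(const void *seed, int len)
{
    int fd = open("/dev/urandom", O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, seed, (size_t)len);
    close(fd);
    return n == len ? 0 : -1;
}

/* Path 2: ioctl(). Mixes the seed and credits `bits` of entropy; requires
 * CAP_SYS_ADMIN, so an unprivileged caller is refused with EPERM. */
int mix_credited(const void *seed, int len, int bits)
{
    struct rand_pool_info *info = make_pool_info(seed, len, bits);
    int fd = info ? open("/dev/urandom", O_WRONLY) : -1;
    int rc = fd < 0 ? -1 : ioctl(fd, RNDADDENTROPY, info);
    if (fd >= 0)
        close(fd);
    free(info);
    return rc;
}
```

Only a caller that can vouch for the seed's origin, such as an init script restoring a saved seed file, should pass a non-zero `bits`.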
