Package: initscripts
Version: 2.86.ds1-61
Severity: important
Tags: patch

During initialization, include this:

    date +%s.%N > /dev/random

This is important for systems that boot from read-only media and have few if any realtime sources of new entropy. Unattended and/or embedded systems tend to fall into this category.

This solution was discussed on the cryptography mailing list, and there was 100% consensus that it would be a good idea.

Tangential remark: Back in 2007, Bug #455230 expressed a similar goal, but did not correctly identify the important use-case, and did not offer the correct solution. The solution here meets the goals of that earlier request.

 *) Using the date+time as part of the seed is important every time a system is /rebooted/ from read-only media; that is, it is important for every boot except the first. We don't want to restore the RNG to a previously-used state.

 *) This is most effective as part 1 of a two-part solution. Part 2 is to ensure that the read-only random.seed file is unshared and unique on a host-by-host basis. Part 2 is not the subject of this report. We can and should implement Part 1 without waiting for Part 2.

The date+time is /different/ on each reboot, and that is all that is needed, provided the random.seed is unshared and unique.

This is #4 in a group of 5 patches for init.d/urandom.

-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i586)

Kernel: Linux 2.6.26.5 (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

>From fb548b0a752ce676d193c71ceff1321b1d894def Mon Sep 17 00:00:00 2001 From: John Denker <j...@av8n.com> Date: Sat, 11 Sep 2010 10:04:48 -0700 Subject: [PATCH 4/5] Include date and time when seeding the RNG. --- urandom | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/urandom b/urandom index 841534c..ac1c06e 100755 --- a/urandom +++ b/urandom @@ -43,6 +43,15 @@ do_status () { case "$1" in start|"") [ "$VERBOSE" = no ] || log_action_begin_msg "Initializing random number generator" + # Seed the RNG with date and time. + # This is helpful in the less-than-ideal case where $SAVEDFILE + # is read-only. + # The value of this is greatly reduced if $SAVEDFILE is missing, + # or its contents are shared machine-to-machine or known to + # attackers (since they might well know at what time this + # machine booted up). + date +%s.%N > /dev/random + # Load and then save $POOLBYTES bytes, # which is the size of the entropy pool if [ -f "$SAVEDFILE" ] -- 1.7.0.4
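
Review bot: The added line `date +%s.%N > /dev/random` in the `start|""` branch depends on two things the new comment does not mention: `%N` is a GNU date extension, and the system clock must already hold a real time when this script runs. On a machine without a battery-backed clock, or with a `date` that does not implement `%N`, the written string can be identical on every boot, which is the case the change is meant to prevent. I would extend the comment block to state both assumptions, next to the existing caveat about `$SAVEDFILE` being missing or shared. It would also help to say in the comment that a plain write to /dev/random only mixes the bytes into the pool and does not raise the kernel's entropy estimate, so nobody later reads this line as a substitute for a unique, unshared `$SAVEDFILE`.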