Uoti Urpala wrote:

>entropy to be secure. Consider the following scenario:
>
>Daemon

There are no daemons running at that time. This is run in initramfs, just after the root filesystem has been mounted, with no background tasks save udev running, and network has not been set up (unless NFS or dropbear are in use).

Adding bytes at both points sounds doable. I wanted to keep it simple, no “magic sprinkle”, because people tend to fear those.

I might do that, but I don’t really see an attack scenario here (see above)… we’re talking about a place in boot where normally there’s 0 entropy available and / is mounted read-only anyway.

bye,
//mirabilos
-- 
As long as you don't do any dirty tricks, and I mean *really* dirty tricks, like XORing both pointers of a doubly linked list and storing them in just one word, Boehm works quite excellently.
	-- Andreas Bogk on boehm-gc in d.a.s.r