On Wed, 30 Dec 2015 at 22:08:14 +0800, Matt Johnston wrote: > Using getrandom() is on my todo list - I'd be glad to take a > patch.
Awesome! I most likely won't have time to work on this during the next couple of weeks, but I'll have a look at some point if you have not done so already ;-) > I think the best behaviour would be to call > getrandom() on urandom with GRND_NONBLOCK in a loop > printing a warning to dropbear_log() if it is blocking (not > yet initialised) and keep waiting. This is exactly what I've seen done elsewhere :-) I'm curious of the possibility of an infinite loop though, but there is only one way to find out how long one has to wait in practice ;-) I'm not familiar with how the kernel fills its entropy pool, but I would hope it can use TCP packets once network has been configured and a client tries to speak with the SSH port, even when there is nothing listening on that port yet. > The extra sources in seedrandom() are purely opportunistic - > better than nothing, though really it would be best if > /dev/urandom blocked at boot until it's seeded (like getrandom()). Yup -- Guilhem.
signature.asc
Description: PGP signature