On Wed, Nov 13, 2013 at 01:08:07AM -0500, Theodore Ts'o wrote:
> On Tue, Nov 12, 2013 at 11:23:03PM -0500, Greg Price wrote:
> > That's a good idea. I've worried about the same thing, but hadn't
> > thought of that solution.
>
> I think the key is that we set a default of requiring 128 bits, or 5
> minutes, with boot-line options to change the defaults. BTW, with the
> changes that are scheduled for 3.13, this shouldn't be a problem on
> most desktops. From my T430s laptop:
[...]
>
> So even without adding device attach times (which is on the todo list)
> the /dev/urandom pool is getting an estimated 128 bits of entropy
> almost two seconds *before* the root file system is remounted
> read/write.

Great!

> This is why I've been working on improving the random driver's efficiency
> in getting the urandom pool as soon as possible, as higher priority
> than adding blocking-on-boot for /dev/urandom.

Makes sense. Blocking on boot is only sustainable anyway if it rarely
lasts past early boot.

Greg