On Wed, Jun 28, 2017 at 12:01:29PM -0500, Benjamin Kaduk via openssl-dev wrote:
>
> I'm not sure what you mean by "draining the kernel's entropy pools".
> That is, if you are adhering to the belief that taking random bits out
> of a generator removes entropy from it that must be replenished, does
> that not apply also to any generator/pool we write for ourselves? Or
> maybe you just refer to the behavior of linux /dev/random, in which case
> I would point out Ted (the author/maintainer of linux /dev/random)'s
> suggestion to just use (getrandom or) /dev/random and tacit agreement
> that the behavior of reducing the entropy count on reads from
> /dev/random is not really needed anymore.

Replace all /dev/random with /dev/urandom.

> At boot time *all* pools are empty. FreeBSD has a random seed file on
> disk to be loaded on next boot that helps with this (I didn't check
> linux),

It depends on the distro, but they should all be doing this. On
systems using systemd that file is probably
/var/lib/systemd/random-seed.


Kurt