Theo de Raadt <deraadt <at> cvs.openbsd.org> writes:

> This requires an upgrade of the bootblocks and at least
> /etc/rc (which saves an entropy file for future use).  Some
> bootblocks will be able to use machine-dependent features
> to improve the entropy even further (for instance using
> random instructions or fast-running counters or such).
>
> As a result, the kernel can start using arc4random()
> exceedingly early on, even before interrupt entropy is
> collected.  The randomization subsystem can hopefully
> become simpler due to this early entropy.. there is more
> work to do here.

I have a question.

Having no interrupt (and such) entropy means less entropy.

On the other hand, there is a lot of speculation that some
hardware entropy sources are suspected (proven?) to be bad (or
intentionally hijacked?).

So the question here is: does moving random generation closer
to the hardware pave the way to more predictable numbers?

Cheers,
Alexey
