On 01/02/14 11:50, Alexey Suslikov wrote:
Theo de Raadt <deraadt <at> cvs.openbsd.org> writes:
This requires an upgrade of the bootblocks and at least
/etc/rc (which saves an entropy file for future use). Some
bootblocks will be able to use machine-dependent features
to improve the entropy even further (for instance using
random instructions or fast-running counters or such).
As a result, the kernel can start using arc4random()
exceedingly early on, even before interrupt entropy is
collected. The randomization subsystem can hopefully
become simpler due to this early entropy.. there is more
work do here.
I have a question.
Having no interrupt (and such) entropy means less entropy.
From other hand, there are lot of speculations about some
hardware entropy sources are suspected (proven?) bad (or
intentionally hijacked?).
So question here is, does moving random generation closer
to hardware paves a way to more predictable numbers?
The generation itself is not going anywhere. The various entropy sources
adds up, so one entropy source providing bad data should leave the
random quality unaffected, at worst.
/Alexander
Cheers,
Alexey
