I strongly agree with the main idea here: "entropy pool should be seeded earlier in boot process"
Here are some numbers that quantify the magnitude of the problem:

    prior startup script        #bits
    (mountall)                  18816
    (mounted-run)               21888
    (sshd server)               35616
    (network-interface : lo)    55968
    (network-interface : eth0)  68832
    (urandom)                   79168

For details on what these numbers mean, see
  http://www.av8n.com/computer/htm/secure-random.htm#sec-discuss

Steve Langasek (vorlon) wrote on 2013-05-17:

> I think we do want to translate /etc/init.d/urandom to an upstart job

Agreed! That will help a lot.

> not sure at present how to write it correctly

It's not hard. A very specific suggestion for how it might be done
can be found here:
  http://www.av8n.com/cgit/cgit.cgi/init-urandom/

1) Add init/urandom.conf
2) Add init/urandom-save.conf
3) Remove all references to init.d/urandom from rc?.d/
4) Optionally add a factor of "urandom" to the startup conditions in
   init/ssh.conf. This will make init.ssh.conf correspond more closely
   to the old sysvinit init.d/ssh

This (a) ports the urandom stuff to upstart, (b) initializes the PRNG
much earlier, and (c) does a better job of refreshing the stored seed.

I am under no illusions that this initializes the PRNG early enough in
absolute terms ... but it is very very much earlier in relative terms.
It is a big step in the right direction.

In any case, porting it to upstart also improves things in a number of
ways.

Let me know if you have questions.

--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1098299

Title:
  entropy pool should be seeded earlier in boot process
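The seed carry-over that points (b) and (c) of the message refer to (mix the stored seed into the pool at boot, then replace the stored seed at once so it is never reused), sketched as an added example. This is not the code from the init-urandom repository linked above; the function names, SEED_BYTES, and the paths passed as parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: seed restore/refresh logic for an early-boot job.
# Paths are parameters so the functions can be exercised on scratch files;
# on a real system the device would be /dev/urandom and the seed file a
# root-only path on persistent storage (assumption).

SEED_BYTES=512   # assumption: number of bytes carried across reboots

# load_seed SEEDFILE RNGDEV: mix the saved seed into the pool.
# Writing to the device mixes the bytes in but credits no entropy.
load_seed() {
    seedfile=$1; rngdev=$2
    [ -s "$seedfile" ] || return 1        # first boot, or the seed was lost
    cat "$seedfile" > "$rngdev"
}

# save_seed SEEDFILE RNGDEV: write a fresh seed, mode 0600, atomically.
save_seed() {
    seedfile=$1; rngdev=$2
    tmp="$seedfile.new.$$"
    ( umask 077
      dd if="$rngdev" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null ) || return 1
    # Reject a short read rather than store a weak seed.
    [ "$(wc -c < "$tmp")" -eq "$SEED_BYTES" ] || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$seedfile"              # rename: never a half-written seed
}

# boot_seed SEEDFILE RNGDEV: load, then refresh immediately so a crash
# before shutdown cannot cause the same seed to be loaded twice.
# Returns 0 if a seed was loaded, 1 if none existed, 2 if saving failed.
boot_seed() {
    loaded=0
    load_seed "$1" "$2" || loaded=1
    save_seed "$1" "$2" || return 2
    return "$loaded"
}
```

A return value of 1 from boot_seed marks the case the message is concerned about: no seed was available, so anything that drew random bits before this point ran on an unseeded pool.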