GNU bug report logs - #23605
/dev/urandom not seeded across reboots

Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 23 May 2016 17:59:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

From: Leo Famulari <leo <at> famulari.name>
To: Taylan Ulrich Bayırlı/Kammer <taylanbayirli <at> gmail.com>
Cc: 23605 <at> debbugs.gnu.org
Subject: bug#23605: /dev/urandom not seeded across reboots
Date: Tue, 24 May 2016 12:16:17 -0400

On Tue, May 24, 2016 at 09:05:21AM +0200, Taylan Ulrich Bayırlı/Kammer wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> > Does anyone have advice about the service? Am I wrong that we need to
> > seed /dev/urandom to make it work properly?
> 
> Yes, this is necessary under Linux if you want urandom to be random
> enough immediately after boot, and all the distros do it as part of
> their init.
> 
> There's also an interesting implication here about the very first time
> you boot the system and don't have a urandom seed file from the last
> shutdown yet.  I don't know how this is typically handled, given that
> for instance it's quite possible that a user might generate SSH keys
> shortly after their first boot of a system.

When I boot a GuixSD VM for the first time [0], it requires me to dance
on the keyboard until it has collected ~200 bits of entropy. I assumed
this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
sure.

[0] I don't remember if I had to do this on bare metal.
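
The seed carry-over discussed in this message, sketched as an added example (not code from this thread or from Guix): one function saves a seed at shutdown, the other mixes it back in at boot and reports the first-boot case where no seed file exists yet. `POOL_DEV`, `SOURCE_DEV`, `SEED_BYTES` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: carry a random seed across reboots, init-script style.
# POOL_DEV / SOURCE_DEV are hypothetical knobs so the functions can be run
# against scratch files; the seed path is whatever the distribution chooses.
: "${POOL_DEV:=/dev/urandom}"     # where the old seed is written at boot
: "${SOURCE_DEV:=/dev/urandom}"   # where a fresh seed is read from
SEED_BYTES=512

# save_seed SEED_FILE -- run at shutdown (and right after loading).
save_seed() {
    seed_file=$1
    tmp="$seed_file.new.$$"
    # umask 077: the seed must not be readable by other users.
    ( umask 077
      dd if="$SOURCE_DEV" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null
    ) || return 1
    mv -f "$tmp" "$seed_file"     # replace atomically
}

# load_seed SEED_FILE -- run early at boot.
# Returns 2 when no seed exists yet (the first-boot case).
load_seed() {
    seed_file=$1
    [ -f "$seed_file" ] || return 2
    # Writing to the device mixes the bytes into the pool; it does not
    # credit any entropy to the kernel's estimate.
    cat "$seed_file" > "$POOL_DEV" || return 1
    # Refresh at once so a crash cannot cause the same seed to be reused.
    save_seed "$seed_file"
}
```

A return code of 2 from `load_seed` is the point at which an init system has to fall back on some other entropy source before keys are generated.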




This bug report was last modified 9 years and 53 days ago.
