GNU bug report logs - #23605: /dev/urandom not seeded across reboots
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Mon, 23 May 2016 17:59:01 UTC
Severity: normal
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
"Thompson, David" <dthompson2 <at> worcester.edu> wrote:
> On Tue, May 24, 2016 at 12:16 PM, Leo Famulari <leo <at> famulari.name> wrote:
[...]
>> When I boot a GuixSD VM for the first time [0], it requires me to dance
>> on the keyboard until it has collected ~200 bits of entropy. I assumed
>> this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
>> sure.
>
> This is just an annoying feature of GNU lsh. I want to switch my
> machines to OpenSSH sometime, partly due to this.

It’s actually ‘lsh-make-seed’ that does that (info "(lsh) lsh-make-seed"),
and it’s invoked from our ‘lsh-service’ when #:initialize? is #t (the
default).

It’s possible to set #:initialize? to #f, but then you still need to
create (or provide) the random seed at some point. At the time people
felt that having it default to #t would be less surprising.

> It impedes automated provisioning of servers, which OpenSSH does not do.

Maybe OpenSSH assumes that the kernel-provided randomness is good
enough?

Ludo’.
This bug report was last modified 9 years and 53 days ago.