Integrated crypto

Bennett Todd bet at
Tue Apr 6 12:53:34 PDT 2004

I think you're working too hard on this.

Let compilations with ssp drain /dev/random, by way of /dev/urandom.
Yup, on that compile host there might be performance problems w/
sshd, and slightly weaker crypto on things sucking keys out of
/dev/urandom, during a compile.

But the resulting built system will have strong randomization in its
compiled code, and running it won't be sucking down entropy, only
compiling it.

When /dev/urandom empties /dev/random, that doesn't mean it's
suddenly weak crypto; it's still a strong PRNG with a big state and
--- here's the important bit --- a high-entropy, hard-to-guess
initial seed. Plus some infusion of occasional real entropy, makes
probably stir up the disks a bit:-).

More information about the hlfs-dev mailing list
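
The point made in the message, that a generator with a large state and a high-entropy initial seed stays hard to predict after the entropy estimate runs out, can be shown with a small model. This is an added example, not part of the original message and not the Linux kernel's algorithm; `SeededGenerator`, `mix_in` and `demo` are hypothetical names, and the construction is a simplified HMAC-SHA256 generator chosen for illustration.

```python
import hashlib
import hmac
import os


class SeededGenerator:
    """Toy HMAC-SHA256 generator (illustrative; not the kernel's code)."""

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits")
        self._key = hashlib.sha256(b"init" + seed).digest()
        self._counter = 0

    def read(self, n: int) -> bytes:
        """Return n bytes; never blocks and consumes no fresh entropy."""
        out = bytearray()
        while len(out) < n:
            self._counter += 1
            out += hmac.new(self._key, self._counter.to_bytes(16, "big"),
                            hashlib.sha256).digest()
        # Ratchet the key so a later state leak does not expose earlier output.
        self._key = hmac.new(self._key, b"ratchet", hashlib.sha256).digest()
        return bytes(out[:n])

    def mix_in(self, fresh: bytes) -> None:
        """Fold occasional real entropy (e.g. disk timings) into the state."""
        self._key = hmac.new(self._key, b"reseed" + fresh, hashlib.sha256).digest()


def demo() -> dict:
    seed = os.urandom(32)            # the high-entropy initial seed
    a, b = SeededGenerator(seed), SeededGenerator(seed)
    other = SeededGenerator(os.urandom(32))
    first = a.read(1 << 20)          # "drain" 1 MiB with no new entropy
    same = b.read(1 << 20)
    b.mix_in(b"constructed sample entropy")  # constructed input, not real timings
    return {
        "reproducible_with_seed": first == same,
        "differs_without_seed": other.read(64) != first[:64],
        "reseed_changes_stream": a.read(64) != b.read(64),
        "distinct_byte_values": len(set(first)),
    }


if __name__ == "__main__":
    print(demo())
```

The output is reproducible only by someone holding the seed, so the strength rests on the seed's secrecy rather than on how many bytes have been drawn since the last entropy input.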