Integrated crypto

Bennett Todd bet at rahul.net
Tue Apr 6 12:53:34 PDT 2004


I think you're working too hard on this.

Let compilations with ssp drain /dev/random, by way of /dev/urandom.
Yup, on that compile host there might be performance problems w/
sshd, and slightly weaker crypto on things sucking keys out of
/dev/urandom, during a compile.

But the resulting built system will have strong randomization in its
compiled code, and running it won't be sucking down entropy, only
compiling it.

When /dev/urandom empties /dev/random, that doesn't mean it's
suddenly weak crypto; it's still a strong PRNG with a big state and
--- here's the important bit --- a high-entropy, hard-to-guess
initial seed. Plus some infusion of occasional real entropy, makes
probably stir up the disks a bit:-).

-Bennett