Integrated crypto

Robert Connolly robert at linuxfromscratch.org
Tue Apr 6 20:19:02 PDT 2004


On Tue Apr 6 20:53:34 MDT 2004, Bennett Todd wrote:
>...
>But the resulting built system will have strong randomization in its
>compiled code, and running it won't be sucking down entropy, only
>compiling it.

Its at runtime, on everything. Running make is just a good way of running lots 
of programs. Running lots of programs should create entropy, not eat it all. 
The way it is the system is consuming far more entropy then it can produce. 
I'm pretty sure the way (u)random works is, urandom hashes random, and 
gettimeofday etc, untill random is empty. After /dev/random is emptied 
urandom is hashing predictable values because random bits are discarded after 
one use. Thats why its not safe for making keys with. I'm looking at getting 
get_pax_random_long in a sysctl interface, maybe under /proc/sys/kernel/
random/arc4. Not unlike /proc/sys/kernel/random/uuid, but returning a 4 byte 
arc4 buffer instead. Frandom can be converted to use this and /dev/arandom, 
and the libc function would be no problem after. This would be for anything 
non-crypto, so that sshd (or ipsec) can run with full resources.




More information about the hlfs-dev mailing list