robert at linuxfromscratch.org
Tue Apr 6 20:19:02 PDT 2004
On Tue Apr 6 20:53:34 MDT 2004, Bennett Todd wrote:
>But the resulting built system will have strong randomization in its
>compiled code, and running it won't be sucking down entropy, only
It's at runtime, on everything. Running make is just a good way of running lots
of programs. Running lots of programs should create entropy, not eat it all.
The way it is, the system is consuming far more entropy than it can produce.
I'm pretty sure the way (u)random works is, urandom hashes random, and
gettimeofday etc, until random is empty. After /dev/random is emptied
urandom is hashing predictable values because random bits are discarded after
one use. That's why it's not safe for making keys with. I'm looking at getting
get_pax_random_long in a sysctl interface, maybe under
/proc/sys/kernel/random/arc4. Not unlike /proc/sys/kernel/random/uuid, but returning a 4 byte
arc4 buffer instead. Frandom can be converted to use this and /dev/arandom,
and the libc function would be no problem after. This would be for anything
non-crypto, so that sshd (or ipsec) can run with full resources.