Open jsha opened 10 years ago
In particular I worry about this because OpenWRT runs rngd to feed output of /dev/urandom into /dev/random. This essentially fakes out the kernel's entropy measurement so it thinks there is always sufficient entropy in case a poorly written program attempts to read from /dev/random instead of /dev/urandom and winds up blocking.
Using rngd in this way is probably harmless - everything should just be using /dev/urandom - but the fact that /dev/random is likely to block indicates entropy is probably not being collected from enough sources.
More discussion in security.txt.
We should double-check the list of entropy sources that the kernel we use can collect from, and add to it if necessary.