Open evan0greenup opened 5 years ago
The security of haveged is highly contested[1] and I personally believe it is security snake oil. The bigger problem is if you specify that option, and you aren't running something like virtio-rng, or rngd, or haveged, pwgen will just hang, and that's not a great user experience. Realistically speaking, if you are generating a password, worrying about whether you are using a CSRPNG or a "true" RNG is the least of your worries.
[1] https://lwn.net/Articles/525459/
It would probably be a good idea to try using getrandom(2) if it is present, warning if it isn't been fully initialized, but realistically the weakness when using passwords is going to be the human factor.
@tytso , for the majority computer device, they all provide built-in TPM (https://en.wikipedia.org/wiki/Trusted_Platform_Module), which have integrated hardware random number generator.
The operating system won't fetch new entropy from HRNG if the entropy pool not consume.
I believe the device which support built-in TPM occupy 80% of the world.
Maybe the name of option is -S, --super-secure
which use blocked random source for every character of password.
Which make character independent from each other and completely unpredictable.
Which is helpful to critical environment.
As the development of haveged, the amount of seed in /dev/random has increased a lot. As a result, it can improve the security of password when use /dev/random as random source.