| Summary: | hardened profiles: USE=urandom may introduce security problems | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Marc Schiffbauer <mschiff> |
| Component: | Eclasses | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Description
Marc Schiffbauer
2014-05-12 18:27:25 UTC
(In reply to Marc Schiffbauer from comment #0)
> Hi,
>
> I just realized that the hardened profile sets USE=urandom.
>
> I think this is a very bad idea because for example using /dev/urandom in a
> virtual machine can result in getting very bad and not-so-random randomness.
>
> Because one application or another may slow down when using /dev/random this
> can be solved by using sys-apps/haveged which should give much better
> randomness than urandom does.
>
> Thoughts?

Sorry for the delay, I just saw this going through old bugs. It may be the case that this is bad pseudo random numbers, but random blocks. What I recommend is running haveged, especially in a vm, to generate extra entropy. I'll let you close this if you think that's good enough.

The point is: If you use haveged, you can use /dev/random very well. I don't think haveged will make randomness of /dev/urandom any better, will it?

Ping?

http://www.2uo.de/myths-about-urandom/

I don't really see a big problem with urandom, and if you want you can just use haveged too.

Thanks, convinced. Then please close ;)