[148152] in cryptography@c2.net mail archive
Re: [Cryptography] randomness +- entropy
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Nov 13 02:00:30 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 12 Nov 2013 17:54:21 -0800
To: cryptography@metzdowd.com
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <5281E597.4020003@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
At 12:23 AM 11/12/2013, James A. Donald wrote:
>On 2013-11-12 16:44, John Denker wrote:
>>The fact is, there are some applications that cannot make do with
>>low-quality randomness *and* cannot afford to wait.
>
>I don't think so.
Most applications can wait. Some of them could wait, but currently don't.
But what applications are there that really do need to run early?
The one potential example I can think of is hard drive encryption -
it definitely needs good (pseudo)randomness,
and needs to start pretty early in the boot process
so other applications can have a file system to write to,
and I'd prefer not to have a system that starts out
writing unencrypted/badlyencrypted data and then updates it,
though I suppose you don't typically have any user data that early.
(BTW, does an encrypted disk drive provide any useful seed material
for future boots?)
Are there any network processes that need crypto before running?
Applications like sshd and https obviously do, so you need
/dev/*random running before you can use them for system
administration, but they probably don't need to be ready early.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
