[Bug 1098299] Re: entropy pool should be seeded earlier in boot process

Simon Déziel 1098299 at bugs.launchpad.net
Wed Nov 6 22:42:52 UTC 2013


@Joh Denker, I've looked through your urandom.conf upstart job and was
wondering how it would cope with /var on a separate partition. Shouldn't
it need "start on mounted MOUNTPOINT=/var"?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sysvinit in Ubuntu.
https://bugs.launchpad.net/bugs/1098299

Title:
  entropy pool should be seeded earlier in boot process

Status in “installation-report” package in Ubuntu:
  In Progress
Status in “openssh” package in Ubuntu:
  Fix Released
Status in “sysvinit” package in Ubuntu:
  Won't Fix
Status in “ubiquity” package in Ubuntu:
  Fix Released

Bug description:
  Currently, the entropy pool is seeded by /etc/init.d/urandom. This
  should be done earlier in the boot process by an upstart job, and
  should be done before the ssh daemon is started.

  Although the ssh keys are generated on package install, openssh uses
  openssl's PRNG which is seeded on boot for ephemeral keys.

  See https://factorable.net/weakkeys12.extended.pdf for more
  information.
