ntp_random - please check

Achim Gratz Stromeko at nexgo.de
Fri Jul 6 20:46:56 UTC 2018

Hal Murray via devel writes:
> Also, it didn't check the return code.  That raises an interesting question.  
> What should we do if there isn't enough entropy?

I'm sure that's been discussed before in other contexts.  I don't
remember exactly where, but I think it was somewhere in the vicinity of
the Debian weak key disaster.  The BSD folks have had another lengthy
discussion about their entropy pool init routines a few years ago.
Anyway, my personal take is that you can't actually know if there is
enough entropy, so you need to accept whatever the system tells you
about it.

> How much entropy is there in a typical system?  Can a malicious user use it 
> all up?  Could a busy server run out?

I am not up-to-date on the possibility of exhausting the entropy pool
once it has been correctly initialized (esp. from user space), it used
to be possible in former times but the RNG designs have had significant
progress since then.  However, starting up a VM has been reported to
have problems with either not enough entropy available or (parts) of the
entropy pool being predictable enough to present a usable attack

+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:

More information about the devel mailing list