[rhelv6-list] Random seed on stateless system

Andrew Ruch adruch2002 at gmail.com
Fri Feb 27 15:26:29 UTC 2015


Thank you for the response.

It's a read-only /var as far as the hard drive is concerned. It works
by having a few files and directories bind mounted in memory using
/etc/sysconfig/readonly-root and /etc/rwtab. I already have a
stateless system up and working.

My concern was using the same random-seed for every boot. By using the
same random-seed, does this cause /dev/urandom to produce the same
sequence of random numbers, thus weakening the security posture? Is it
better to use the same random-seed or no random-seed at all?

Andrew

On Fri, Feb 27, 2015 at 3:12 AM, John Haxby <john.haxby at gmail.com> wrote:
> On 26 February 2015 at 20:31, Andrew Ruch <adruch2002 at gmail.com> wrote:
>>
>>
>> I have a question about how to handle the random-seed file on a
>> stateless system. I get RHEL6 installed and configured as desired and
>> then switch to a stateless system using /etc/sysconfig/readonly-root.
>> During the install process, /var/lib/random-seed is generated. This
>> file is also read and written to during startup/shutdown via
>> rc.sysinit and halt.
>>
>> However, once the system is stateless, this file can never be modified
>> again. Is it better for this file to exist on a stateless system and
>> every boot will feed /dev/urandom the same seed? Or should this file
>> be deleted so no seed exists?
>
>
>
> I'd be very surprised if a read-only /var worked. All kinds of things
> expect to be able to write files there. /var/lib is comparatively static,
> but not entirely static (/var/lib/random-seed is the obvious one).
>
> jch
>

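An added example, not part of the thread: a shell function that classifies the mount behind a seed file such as /var/lib/random-seed from /proc/mounts-style input. The names `seed_backing` and `sample_mounts` and the sample mount lines are constructed for illustration, and treating tmpfs/ramfs as volatile is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Reports how the filesystem holding a
# seed file behaves across reboots, using /proc/mounts-style input.
# Assumption: tmpfs and ramfs mounts are RAM-backed and lost at shutdown.

# seed_backing PATH [MOUNTS_FILE|-]  ->  read-only | volatile | persistent
seed_backing() {
    awk -v path="$1" '
        {
            mp = $2
            # A mount covers the path if it is "/", the path itself,
            # or one of its parent directories.
            covers = (mp == "/" || path == mp || index(path, mp "/") == 1)
            # Longest covering mount point wins; on a tie the later line
            # wins, because later mounts shadow earlier ones.
            if (covers && length(mp) >= best) {
                best = length(mp); fstype = $3; opts = $4
            }
        }
        END {
            if (best == 0) exit 1          # no mount covers the path
            n = split(opts, o, ",")
            ro = 0
            for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
            if (ro) print "read-only"
            else if (fstype == "tmpfs" || fstype == "ramfs") print "volatile"
            else print "persistent"
        }
    ' "${2:-/proc/mounts}"
}

# Constructed sample: read-only root with the seed file bind mounted from
# tmpfs, as an rwtab entry would arrange it (hypothetical device names).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext4 ro,relatime 0 0
tmpfs /var/lib/stateless/writable tmpfs rw,relatime 0 0
tmpfs /var/lib/random-seed tmpfs rw,relatime 0 0
EOF
}

echo "sample seed file: $(sample_mounts | seed_backing /var/lib/random-seed -)"
```

A result of `read-only` or `volatile` means a seed written at shutdown cannot survive to the next boot, so each boot starts from the seed stored in the image; `persistent` means the shutdown write can be kept. Run `seed_backing /var/lib/random-seed` with no second argument to check the live system.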


