Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp5121328imd;
        Tue, 30 Oct 2018 12:17:21 -0700 (PDT)
X-Google-Smtp-Source: AJdET5eZni3Gz1QY1GdewavjhFUY7kZuNPWd7qAJ1zueZ1qug+rAJ44cv8a1oo4tGfxyTwk+7KT+
X-Received: by 2002:a63:6b08:: with SMTP id g8mr127224pgc.119.1540927041507;
        Tue, 30 Oct 2018 12:17:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540927041; cv=none;
        d=google.com; s=arc-20160816;
        b=Wx/CNRjN5kYiNtg8Zulh+JGgQXHGFhIyKnXjVd5yqCxjTb3WvgqQSVm27JYrYUD+Gr
         FbhgRORFu44ysSU0+GavQhRH8iX8HEslU8/mGZMcgcOHqK0sMyvn1g55l4rvs2IvHrZu
         89kGdClHAXdEzYqNScM2WHrGLH6Pl0rOGZHtsJT9TEFETQRHnslJapBpA5VVEH0cS+G7
         smlHrumtL3tthe3vLhmCkjWxg2CEWOpAUe030jqg1YKc6iFw+E7MeT5nCqaACQSSM6jP
         vZJhFDlKcJKPaA+cPuGdzo6IUIgKG5SgW+IH8ylESLuTYa6rDbM6nK5T5Y5mSN0k5QzJ
         QdDw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:to
         :from:date;
        bh=J/9Q5akzzr7EOJb8HWWd2ddfkzmmJrbm7ZvcQp0ZGlc=;
        b=JSyLkzF2HYxf+0L9aGBf0tH1sdB40biwxtosmC9VJjzniKxu9u28BiXwFZbn1ASytv
         vxYk1k4jtN0NoyNzJvwS9iUZjOMegLrXWRqtnW9LZ3yfYFeQPMvlHQysjE1ev/yvjoNf
         3xlKFt9ty8K3z5/CcufWzBfX5riMyCyNfd8D5HJbv5RCz+epIj84wHd5Tkaa668wVMGJ
         myUQnNlcbuOL1HkyH6nl7p0eOG+8Kq7GSqRkauU5NzUsJoh/geNdJ/A/WFiLPYeeoFcp
         +N4CCZVj8tmMil2WtWFMvz1fFg46Z/n/FXDsU9Iwnoxjhv9q5jz3iHBpPax9dmYE1vaZ
         dnVw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w61-v6si25680161plb.95.2018.10.30.12.16.50;
        Tue, 30 Oct 2018 12:17:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727524AbeJaDlq (ORCPT <rfc822;xiaochao379261131@gmail.com>
        + 99 others); Tue, 30 Oct 2018 23:41:46 -0400
Received: from excelsior.roeckx.be ([195.234.45.115]:35489 "EHLO
        excelsior.roeckx.be" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727465AbeJaDlq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Oct 2018 23:41:46 -0400
X-Greylist: delayed 583 seconds by postgrey-1.27 at vger.kernel.org; Tue, 30 Oct 2018 23:41:45 EDT
Received: from intrepid.roeckx.be (localhost [127.0.0.1])
        by excelsior.roeckx.be (Postfix) with ESMTP id 91501A8A0BE6;
        Tue, 30 Oct 2018 18:37:24 +0000 (UTC)
Received: by intrepid.roeckx.be (Postfix, from userid 1000)
        id EA12F1FE0AA2; Tue, 30 Oct 2018 19:37:23 +0100 (CET)
Date:   Tue, 30 Oct 2018 19:37:23 +0100
From:   Kurt Roeckx <kurt@roeckx.be>
To:     "Theodore Y. Ts'o" <tytso@mit.edu>,
        Sebastian Andrzej Siewior <sebastian@breakpoint.cc>,
        912087@bugs.debian.org,
        "Package Development List for OpenSSL packages." 
        <pkg-openssl-devel@alioth-lists.debian.net>,
        linux-kernel@vger.kernel.org,
        Bernhard =?iso-8859-1?Q?=DCbelacker?= <bernhardu@mailbox.org>,
        pkg-systemd-maintainers@lists.alioth.debian.org,
        debian-ssh@lists.debian.org, 912087-submitter@bugs.debian.org
Subject: Re: Bug#912087: openssh-server: Slow startup after the upgrade to
 7.9p1
Message-ID: <20181030183723.GI10011@roeckx.be>
References: <20181029223334.GH10011@roeckx.be>
 <20181030001807.7wailpm37mlinsli@breakpoint.cc>
 <20181030141544.GE15839@thunk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181030141544.GE15839@thunk.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Oct 30, 2018 at 10:15:44AM -0400, Theodore Y. Ts'o wrote:
> On Tue, Oct 30, 2018 at 01:18:08AM +0100, Sebastian Andrzej Siewior wrote:
> > Using ioctl(/dev/urandom, RNDADDENTROPY, ) instead writting to
> > /dev/urandom would do the trick. Or using RNDADDTOENTCNT to increment
> > the entropy count after it was written. Those two are documented in
> > random(4). Or RNDRESEEDCRNG could be used to force crng to be reseeded.
> > It does also the job, too.
> > 
> > Ted, is there any best practise what to do with the seed which as
> > extrected from /dev/urandom on system shutdown? Using RNDADDTOENTCNT to
> > speed up init or just write to back to urandom and issue RNDRESEEDCRNG?
> 
> The reason why writing to /dev/[u]random via something like:
> 
>     cat /var/lib/random/seed > /dev/random
> 
> Dosn't bump the the entropy counter is because it's possible that an
> attacker could read /var/lib/random/seed.  Even if the seed file is
> refreshed on shutdown, (a) the attacker could have read the file while
> the system is down, or (b) the system could have crashed so the seed
> file was not refreshed and the attacker could have read the file
> before the crash.

So are you saying that the /var/lib/random/seed is untrusted, and
should never be used, and we should always wait for fresh entropy?

Anyway, I think if an attacker somehow has access to that file,
you have much more serious problems.


Kurt