entropy pool should be seeded earlier in boot process
Bug #1098299 reported by Marc Deslauriers
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
installation-report (Ubuntu) | Triaged | High | Unassigned |
openssh (Ubuntu) | Fix Released | High | Colin Watson |
sysvinit (Ubuntu) | Won't Fix | High | Steve Langasek |
ubiquity (Ubuntu) | Fix Released | High | Colin Watson |
Bug Description
Currently, the entropy pool is seeded by /etc/init.
Although the ssh keys are generated on package install, openssh uses openssl's PRNG which is seeded on boot for ephemeral keys.
See https:/
Changed in installation-report (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Colin Watson (cjwatson)
Changed in ubiquity (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Colin Watson (cjwatson)
Changed in ubiquity (Ubuntu):
status: In Progress → Fix Committed
Changed in openssh (Ubuntu):
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → Fix Committed
Changed in sysvinit (Ubuntu):
status: Triaged → Won't Fix
Changed in installation-report (Ubuntu):
assignee: Colin Watson (cjwatson) → nobody
status: In Progress → Triaged
initscripts currently contains no Upstart jobs, and arguably shouldn't. I suspect that we may need to put the converted urandom job in the upstart package, though it's worth checking with James and/or Steve.
I've added a couple of tasks for installer packages, because these need to ensure that the entropy pool from installation is saved for first boot. This should significantly improve the entropy available at first boot, which is probably poorer than necessary right now.
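One way an installer could carry a seed from the installation environment over to first boot, as the comment above describes. This is an added example, not code from ubiquity, openssh or initscripts; the seed path under the target root, the 512-byte size and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration: paths, sizes and function names are assumptions,
# not taken from the Ubuntu packages discussed in this bug.

SEED_REL="var/lib/urandom/random-seed"   # assumed seed location under the target root
SEED_BYTES=512                           # assumed seed size

# save_seed ROOT: write a fresh seed under ROOT, mode 0600, via atomic rename
# so a crash never leaves a truncated or world-readable seed behind.
save_seed() {
    root=$1
    dir="$root/$(dirname "$SEED_REL")"
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.seed.XXXXXX") || return 1   # mktemp creates the file 0600
    if dd if=/dev/urandom of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null &&
       [ "$(wc -c < "$tmp")" -eq "$SEED_BYTES" ]; then
        chmod 600 "$tmp" && mv -f "$tmp" "$root/$SEED_REL"
    else
        rm -f "$tmp"
        return 1
    fi
}

# load_seed ROOT [SINK]: mix the saved seed into SINK (default /dev/urandom),
# then replace it at once so the same seed is never used for two boots.
# Writing to /dev/urandom mixes the bytes into the pool but does not raise
# the kernel's entropy estimate.
load_seed() {
    root=$1
    sink=${2:-/dev/urandom}
    seed="$root/$SEED_REL"
    [ -s "$seed" ] || return 1          # no seed saved: caller must handle this
    cat "$seed" > "$sink" || return 1
    save_seed "$root"
}
```

An installer would call `save_seed /target` as its last step, and the first-boot job would call `load_seed /` before any service that generates keys starts.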