diff options
Diffstat (limited to 'source/a/util-linux/seedrng.8')
-rw-r--r-- | source/a/util-linux/seedrng.8 | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/source/a/util-linux/seedrng.8 b/source/a/util-linux/seedrng.8 new file mode 100644 index 000000000..79ab81fd0 --- /dev/null +++ b/source/a/util-linux/seedrng.8 @@ -0,0 +1,41 @@ +.TH seedrng 8 +.SH NAME +seedrng \- seed the Linux kernel random number generator +.SH SYNOPSIS +.B seedrng +.SH DESCRIPTION +.B SeedRNG +SeedRNG is a simple program made for seeding the Linux kernel random +number generator from seed files. The program takes no arguments, must +be run as root, and always attempts to do something useful. + +This program is useful in light of the fact that the Linux kernel RNG +cannot be initialized from shell scripts, and new seeds cannot be safely +generated from boot time shell scripts either. + +It should be run once at init time and once at shutdown time. It can be +run at other times without detriment as well. Whenever it is run, it writes +existing seed files into the RNG pool, and then creates a new seed file. +If the RNG is initialized at the time of creating a new seed file, then that +new seed file is marked as "creditable", which means it can be used to +initialize the RNG. Otherwise, it is marked as "non-creditable", in which +case it is still used to seed the RNG's pool, but will not initialize the +RNG. + +In order to ensure that entropy only ever stays the same or increases from +one seed file to the next, old seed values are hashed together with new seed +values when writing new seed files: + +.BR +new_seed = new_seed[:-32] || HASH(fixed_prefix || real_time || boot_time || old_seed_len || old_seed || new_seed_len || new_seed) + +The seed is stored in /var/lib/seedrng/, which can be adjusted at +compile time. If the SEEDRNG_SKIP_CREDIT environment variable is set to 1, +true, yes, or y, then seeds never credit the RNG, even if the seed file +is creditable. + +.SH FILES +.IR /var/lib/seedrng/seed.credit +.IR /var/lib/seedrng/seed.no-credit +.SH AUTHOR +Jason A. Donenfeld <Jason@zx2c4.com> |