Thread on debian-devel "Handling of entropy during boot".
"Raspberry PI's are extremely problematic devices from a security perspective. They use a coarse-grained clock, so it's very hard to get good entropy out of timing events, and the hardware that they have on them is such that there aren't many events that we can use to generate entropy in the first place." - Theodore Y. Ts'o
Given the popularity of RPi in bitcoin (nodes), this is concerning to realize.
Make sure to check out the whole post (and/or thread)
That was in Dec 2018 and thread continues in Jan 2019 here:
There is a bcm2708-rng.ko kernel module you can load and if you use rng-tools or rng-tools5 package*, that'll greatly improve the entropy pool.
I don't know if that would be good entropy (or whether there is such a thing as good/bad entropy) as that is outside my area of expertise.
*) in Debian Stable. For testing/Sid it's rng-tools-debian/rng-tools5
Never expected that there would be so much to read/learn about randomness 😮
In the previously mentioned thread there was also a link to https://daniel-lange.com/archives/152-Openssh-taking-minutes-to-become-available,-booting-takes-half-an-hour-...-because-your-server-waits-for-a-few-bytes-of-randomness.html which in turn led me to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087#182
"Starting with the 3.17 kernel, the kernel will automatically pull from hardware random number generators without needing to install a user space daemon, such as rng-tools."
But it comes with a caveat which I'm not fully getting (follow the link, as I don't have enough chars left here)
I'm (also) assuming that NSA/Intel has backdoored the HWRNG in their CPUs and glad that Ts'o had that foresight to only mix it in with the rest.
I also learned about Chaos Key (http://shop.gag.com/random/chaoskey.html) which seems to be an Open Hardware RNG, which in turn was the idea behind 'specifying' RISC-V in my other toot
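One way to check whether the kernel actually sees a hardware RNG after loading a driver such as bcm2708-rng, as an added example that is not part of the thread. It reads the kernel's hw_random sysfs files and `entropy_avail`; the function name, the optional root-directory argument and the status strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether a kernel HWRNG driver is registered and selected.
# The optional argument is a root prefix (hypothetical, for testing against a
# constructed tree); leave it empty to read the live /sys and /proc.

hwrng_status() {
    root="${1:-}"
    hw="$root/sys/class/misc/hw_random"
    ent="$root/proc/sys/kernel/random/entropy_avail"

    # No sysfs node at all: hw_random framework not present or not loaded.
    if [ ! -r "$hw/rng_available" ]; then
        echo "no-hwrng-framework"
        return 0
    fi

    # rng_available is a space-separated list of registered drivers.
    available=$(tr '\n' ' ' < "$hw/rng_available" | sed 's/^ *//; s/ *$//')
    current=$(cat "$hw/rng_current" 2>/dev/null || true)

    if [ -z "$available" ]; then
        echo "no-hwrng-driver"
        return 0
    fi

    # The kernel reports "none" when no device is currently selected.
    if [ -z "$current" ] || [ "$current" = "none" ]; then
        echo "hwrng-not-selected available=$available"
        return 0
    fi

    entropy=$(cat "$ent" 2>/dev/null || echo unknown)
    echo "hwrng=$current entropy_avail=$entropy"
}

# Stand-alone run against the live system (or a prefix passed as $1).
hwrng_status "${1:-}"
```

A result of `no-hwrng-driver` or `no-hwrng-framework` means nothing is feeding the pool from hardware, whatever user-space daemon is installed.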