touch-packages team mailing list archive

Thread
Date

[Bug 1098299] Re: entropy pool should be seeded earlier in boot process

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Thu, 18 Dec 2014 12:42:28 -0000
Reply-to: Bug 1098299 <1098299@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: installation-report (Ubuntu)
     Assignee: Colin Watson (cjwatson) => (unassigned)

** Changed in: installation-report (Ubuntu)
       Status: In Progress => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sysvinit in Ubuntu.
https://bugs.launchpad.net/bugs/1098299

Title:
  entropy pool should be seeded earlier in boot process

Status in installation-report package in Ubuntu:
  Triaged
Status in openssh package in Ubuntu:
  Fix Released
Status in sysvinit package in Ubuntu:
  Won't Fix
Status in ubiquity package in Ubuntu:
  Fix Released

Bug description:
  Currently, the entropy pool is seeded by /etc/init.d/urandom. This
  should be done earlier in the boot process by an upstart job, and
  should be done before the ssh daemon is started.

  Although the ssh keys are generated on package install, openssh uses
  openssl's PRNG which is seeded on boot for ephemeral keys.

  See https://factorable.net/weakkeys12.extended.pdf for more
  information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/installation-report/+bug/1098299/+subscriptions