[Whonix-devel] How to confirm jitter .ko was loaded

procmem at riseup.net procmem at riseup.net
Fri Apr 26 21:06:41 CEST 2019


On 4/26/19 9:16 PM, Stephan Mueller wrote:
> Am Freitag, 26. April 2019, 20:47:43 CEST schrieb procmem at riseup.net:
>
> Hi,
>>> Let us go back to your issue: why do you think you need the jitterentropy
>>> RNG in the kernel to begin with?
>> My purpose is to be 100% sure /dev/urandom was seeded properly from a
>> robust entropy source (jitter_entropy.ko's use of CPU timers in this
>> case) before users can use any crypto tools that depend on it. AFAIU the
>> jitter service makes sure these APIs are blocked until properly seeded
>> once at boot then prevents this irritating behavior for those few apps
>> that depend on /dev/random.
> As I tried to outline in the previous email: the /dev/random or /dev/urandom 
> will NOT benefit from the in-kernel Jitter RNG. Only the user space 
> jitterentropy-rngd from user space would inject entropy into /dev/random /
> /dev/urandom.
>
> Therefore, I do not think that inserting the jitterentropy KO will help you 
> for your goal.
>
Thank you so much for going into detail and testing this. So to
conclude, there is nothing needed to be done on our part on Debian since
we already benefit as per your analysis. The daemon boot order should be
sufficiently handled with the systemd conf you've supplied, hence
mitigating a broken urandom initialization. That's awesome news and
means no changes needed by us :)

PS. TNT BOM BOM is an enthusiast on our forum. He can be a little
overzealous with testing sometimes :)
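
Added example (not part of the original message, and not Whonix or jitterentropy project code): the two questions in this thread are separate checks, so this sketch reads `/proc/crypto` to see whether `jitterentropy_rng` is registered and, independently, asks the kernel whether the CRNG behind /dev/urandom is seeded via a non-blocking `getrandom()`. The function names and the trimmed `/proc/crypto` sample are constructed for illustration.

```python
import os

# Constructed, trimmed sample in the layout of /proc/crypto (blank-line separated).
SAMPLE_PROC_CRYPTO = """\
name         : jitterentropy_rng
driver       : jitterentropy_rng
module       : jitterentropy_rng
type         : rng

name         : stdrng
driver       : drbg_nopr_hmac_sha256
module       : kernel
type         : rng
"""

def parse_proc_crypto(text):
    """Split /proc/crypto text into a list of {field: value} records."""
    records = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            records.append(fields)
    return records

def jitter_rng_module(text):
    """Return the 'module' field of the jitterentropy_rng entry, or None."""
    for rec in parse_proc_crypto(text):
        if rec.get("name") == "jitterentropy_rng":
            return rec.get("module")  # "kernel" means built in, not a .ko
    return None

def crng_seeded():
    """True once the kernel CRNG behind /dev/urandom has been initialised."""
    try:
        os.getrandom(1, os.GRND_NONBLOCK)  # fails with EAGAIN until seeded
        return True
    except BlockingIOError:
        return False

if __name__ == "__main__":
    with open("/proc/crypto") as fh:
        print("jitterentropy_rng module:", jitter_rng_module(fh.read()))
    print("CRNG seeded:", crng_seeded())
```
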



