summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/randomness_seeding.mdwn
diff options
context:
space:
mode:
authorUlrike Uhlig <u@451f.org>2018-08-18 11:32:51 +0200
committerUlrike Uhlig <u@451f.org>2018-08-18 11:32:51 +0200
commit5f29dc7b4499d479ef68c4bb240a5ce13daf503f (patch)
treef6eaee8f750a8fc5a0f45ae3f866aa62a91bb5e6 /wiki/src/blueprint/randomness_seeding.mdwn
parent789a5a24547ef44defbf0e9c34f51d6ae86f5ba7 (diff)
Link this for real, and get more coffee..
Diffstat (limited to 'wiki/src/blueprint/randomness_seeding.mdwn')
-rw-r--r--wiki/src/blueprint/randomness_seeding.mdwn22
1 files changed, 9 insertions, 13 deletions
diff --git a/wiki/src/blueprint/randomness_seeding.mdwn b/wiki/src/blueprint/randomness_seeding.mdwn
index 6079897..9a62639 100644
--- a/wiki/src/blueprint/randomness_seeding.mdwn
+++ b/wiki/src/blueprint/randomness_seeding.mdwn
@@ -4,12 +4,12 @@
access from user land to the Linux kernel Cryptographically Secure
Pseudo Random Number Generator (CSPRNG). This generator is used for
almost every security protocol, like TLS/SSL key generation, choosing
-TCP sequences, ASLR offsets, and GPG key generation
-[https://eprint.iacr.org/2006/086.pdf]. In order for this CSPRNG to
-indeed be cryptographically secure, it's recommended to seed it with a
-'good' entropy source, even though The Linux kernel collects entropy
-from several sources, for example keyboard typing, mouse movement, among
-others.
+TCP sequences, ASLR offsets, and
+[https://eprint.iacr.org/2006/086.pdf](GPG key generation) . In order
+for this CSPRNG to indeed be cryptographically secure, it's recommended
+to seed it with a 'good' entropy source, even though The Linux kernel
+collects entropy from several sources, for example keyboard typing,
+mouse movement, among others.
Because of Tails' feature of being amnesic, and run from different types
of live devices (from DVDs to USB sticks), special care must be taken to
@@ -208,14 +208,10 @@ discussing/researching the costs/benefits.
## Also see
-* [https://0xacab.org/schleuder/schleuder/issues/194](Schleuder thread
- about haveged)
+* [Schleuder thread about haveged](https://0xacab.org/schleuder/schleuder/issues/194)
* The
- [https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=10](federal
- office for IT security in Germany analysed the rng in linux kernel 4.9
- and all changes made up to 4.17).
-* [https://salsa.debian.org/tookmund-guest/pgpcr/issues/16](checking for
- available entropy)
+ [federal office for IT security in Germany analysed the rng in linux kernel 4.9 and all changes made up to 4.17](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=10).
+* [checking for available entropy](https://salsa.debian.org/tookmund-guest/pgpcr/issues/16)
## Related tickets