From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=+l/iaYh5YqC9310wTnUHOR/0CcjLHQLxJPc1S8WaTo0=; b=gMkvCHtDtrAZvrnOubqXqsDnUkBYW9oaPLV8ybtTPnn6AlArN0pteRFVM6q6IBE5Yy VtosuDQUGSTOEwaiStUwXl0F2b2fqLnxncbYLOkXZArW/3rFYKk7tyKe5Dwdy984GaTj Gfc8PB+LxPmrtwhMbkZNxbkXFhd1Tr8Z0eE+5eo4BhvP4+Hl2IKhvo9Ke8qLzAbZK25D fd0FtdA4fiYPnJ2GXCE6zOOlhkv7/feMfNFQFuPIaT0klPv4HtIzJx4rpymtc6pFLQN/ dqMxEdkppG10Lx9Rl9tJItCmyw9vdjUqkjKIL98djywtBA/CPrzeuKjoo4GgvVKcHyE6 AoUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=+l/iaYh5YqC9310wTnUHOR/0CcjLHQLxJPc1S8WaTo0=; b=g0y9OlDO1yCOQN/70KCQLZAxLGIyF6bv2tugeQs8LilV15XasoHX6j8I5/zDvQeHUr F1PJKpf8LHPCYM0Ej1F7t3oVojQEH0fz/JV0g7VD6mYNAa/q04KCWZxdN9vRpqkfcpd8 ufob1L5iyTQIGzOgZjs9Phb+ak0/Mrwm3puVlV8hBtYdbELvsQ+sdxYWLYgKDaUIG7Ft 4Q1i0G7+7CSGdBbDRRjGrgIfAoXDLF3rvQhkx5lTKmxr471X5k7+iIYzb1fTXF4t0t5D K4boBZn3GLyXi//nnqWsUv7KAC0lbjCdVPkVstyTFbxiJIJXLZj9ihCDwEFxLmAwujMO qscw== X-Gm-Message-State: APjAAAXxrlWB42CAAH65PMf7kjR5vV64jUl1/qF6XKIfaDXyVyxoylCZ Uy6WcZBbN3nEOsxsAfcK9m67OX8T X-Google-Smtp-Source: APXvYqwyvkXbCwcenzCMfiC/5EtIieTkWQI5nnrGeLRY2TeoQXHaqsreC3iarA8MJyaokzU7hkt9Sg== X-Received: by 2002:a19:6b0d:: with SMTP id d13mr22361380lfa.79.1556238135013; Thu, 25 Apr 2019 17:22:15 -0700 (PDT) To: ALT Linux Team development discussions References: <20190425102859.GA12238@lks.home> <20190425221720.17ddacbf1039ac51c28fc7da@altlinux.org> <4825917.ZrCSt0kF7o@homerun.localdomain> <20190425192616.GE22790@imap.altlinux.org> From: Leonid Krivoshein Message-ID: <8512557d-874e-2207-e356-c6f4f1a6a438@gmail.com> Date: Fri, 26 Apr 2019 03:19:58 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=koi8-r; format=flowed Content-Transfer-Encoding: 8bit Content-Language: ru Subject: Re: [devel] rngd vs haveged vs crng X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 00:22:17 -0000 Archived-At: List-Archive: List-Post: 26.04.2019 03:01, Leonid Krivoshein пишет: > > ... ssh-keygen -A берёт из ядра всего 32 байта через getrandom() с > флагом 0... Флаг 0 означает блокируемое чтение из не блокируемого > /dev/urandom,  для запрошенных 32 байт это не прерываемый и не > блокируемый вызов.... > Тут забыл одну деталь: чтение из /dev/urandom после исправления CVE теперь тоже блокируется, если CPRNG в ядре ещё до конца не инициализирован. -- Best regards, Leonid Krivoshein.