matthias-t
Thanks for the prompt review.

> I would like to see it repeat as few steps from the chroot guide as possible, instead focusing on what needs to be done...
Here are some more needed improvements:

- Dracut reads from `/dev/urandom` before it is initialized. Normally, the systemd module takes care of that, but it is rightfully disabled by the...
> If you want to give your thoughts on any of the issues surrounding this, you are welcome to! We appreciate the help c:

Thanks, that's nice of you. :relaxed:...
Wow, that's a great article! It demolishes the concept of entropy depletion (which haveged promotes), but maintains that some initial amount of entropy is of course necessary:

> To work...
How about removing `/var/lib/random-seed` after using it? This will produce the expected behavior in `/etc/runit/core-services/05-misc.sh`. The only problem is that when the system is improperly shut down, there is no seed...
https://github.com/void-linux/void-runit/pull/30 removed a line generating a new random seed file in `/etc/runit/core-services/05-misc.sh`, claiming that newer kernels do not credit entropy added from userspace. Is this the correct way to understand...
> Changing the number doesn't change the amount of entropy, it just changes what the kernel thinks about it.

That is how I read it, too. But how does that...
> Maybe there's a race condition between entropy gathering and cryptsetup?

Yes, probably. I'll try with cryptsetup reading `/dev/random` to see if that incurs any significant performance cost.

> The...
> if you start with low entropy (and an attacker knows it) then do any known deterministic process, the system is potentially vulnerable to brute force attacks that reveal the...
As I said, I'm not really aware of any (except maybe TOML).