/dev/random/urandom question - wireguard related
alexandre
alexandre at maloteaux.net
Tue Jul 21 21:08:18 BST 2020
If I'm not wrong, the onerng script only feeds /dev/urandom by default;
if you want it to feed urandom as well, you will have to edit the script to add something like this:
#already there with ONERNG_URANDOM_RESEED
#echo 0 > /proc/sys/kernel/random/urandom_min_reseed_secs
openssl enc -aes128 -nosalt -in /dev/ttyACM0 -pass file:/dev/ttyACM0 -out /dev/stdout 2>/dev/null | rngd -f -o /dev/urandom -r /dev/stdin >/dev/null
I don't know, however, if there is a better solution and why it has never been implemented.
Firefox, for instance, uses /dev/urandom for all TLS as well, so I guess doing this increases security a lot.