/dev/random/urandom question - wireguard related

alexandre alexandre at maloteaux.net
Tue Jul 21 21:08:18 BST 2020

if not wrong the onerng script only feed /dev/urandom by default, 

if you want it to feed urandom as well, you will have to edit the script to add something like this :

#already there with ONERNG_URANDOM_RESEED
#echo 0 > /proc/sys/kernel/random/urandom_min_reseed_secs

openssl enc -aes128 -nosalt -in /dev/ttyACM0 -pass file:/dev/ttyACM0 -out /dev/stdout 2>/dev/null | rngd -f -o /dev/urandom -r /dev/stdin >/dev/null

i dont know however if there is a better solution and why it has never been implemented. 

firefox for instance use /dev/uramdom for all tls as well so i guess doing this increase security a lot.

More information about the Discuss mailing list