Persist entropy pool seeds
As a Tails user
When I boot Tails with persistence enabled
Then when entropy is required, it would use the entropy pool seed
Generating entropy on a live distribution is a tough problem, and it affects the secure generation of cryptographic keys, for example for Pidgin-OTR, SSH, or PGP. We hope to improve this situation for users who enable the persistent storage option by using some randomness from the previous session to help bootstrap with some “well” generated randomness.
From the discussions and research on #7642 (closed) and #5650 (closed), it seems clear that it would be good to persist entropy pool seeds (/var/lib/systemd/random-seed, etc.) whenever possible.
It might even be that we want to do that by default when persistence is enabled (although it’s a hard decision to make, because it breaks one of the basic assumptions of how Tails works).
Still, note that these seeds won’t be used at the early boot stage, but only once persistence is enabled. We should look at the pointers on #6116 and evaluate how much of a problem it is in practice, in the Tails use case.
Team: segfault, bertagaz
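A sketch of the seed handling discussed above, as an added example that is not Tails code: once the persistent volume is unlocked, the saved seed is mixed into the kernel pool and immediately replaced so it is never loaded twice. The function name, the seed location and the 512-byte size are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Tails code). The seed path is whatever file the
# persistent volume provides, e.g. <persistent-volume>/random-seed
# (hypothetical name). Must run only after persistence is unlocked, so
# consumers at early boot still see an unseeded pool.

SEED_BYTES=512   # assumed seed size

# restore_and_rotate_seed SEED_FILE [POOL_DEV] [SOURCE_DEV]
# Runs in a subshell so the umask change does not leak to the caller.
restore_and_rotate_seed() (
    seed_file=$1
    pool_dev=${2:-/dev/urandom}
    source_dev=${3:-/dev/urandom}
    umask 077

    # Mix the previous session's seed into the pool. Writing to
    # /dev/urandom stirs the bytes in but credits no entropy; crediting
    # requires the RNDADDENTROPY ioctl and root.
    if [ -s "$seed_file" ]; then
        cat "$seed_file" > "$pool_dev" || exit 1
    fi

    # Replace the seed right away, before anything else can fail, so an
    # unclean shutdown cannot cause the same seed to be loaded again.
    # The temporary file sits in the same directory so mv is a rename.
    tmp="$seed_file.new"
    head -c "$SEED_BYTES" "$source_dev" > "$tmp" || exit 1
    chmod 600 "$tmp" || exit 1
    mv -f "$tmp" "$seed_file"
)
```

The same function should be called again at shutdown, so the next session starts from a seed that reflects everything mixed into the pool during this one.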