
Persist entropy pool seeds

Originally created by @intrigeri on #7675 (Redmine)

As a Tails user
When I boot Tails with persistence enabled
Then when entropy is required, it would use the entropy pool seed

Rationale

Generating entropy on a live distribution is a tough problem. And this has an impact on securely generating cryptographic keys, for example for Pidgin-OTR, when using SSH, or when generating a PGP key. We hope to improve this situation for users who enable the persistence storage option by using some randomness from the previous session to help bootstrap with some “well” generated randomness.

Technical discussion

From the discussions and research on #7642 (closed) and #5650 (closed), it seems clear that it would be good to persist entropy pool seeds (/var/lib/random-seed, /var/lib/urandom/random-seed, /var/lib/systemd/random-seed, etc.) whenever possible.

It might even be that we want to do that by default when persistence is enabled (although it’s a hard decision to make, because it breaks one of the basic assumptions of how Tails works).

Still, note that these seeds won’t be used at early boot stage, but only once persistence is enabled. We should look at pointers on #6116 and evaluate how much of a problem it is in practice, in Tails' use case.

Team

Team: segfault, bertagaz

Blueprint: https://tails.boum.org/blueprint/randomness_seeding/

Subtasks

  • #11898 (closed)

Related issues

  • Related to #7642 (closed)
  • Related to #5650 (closed)
  • Related to #7646 (closed)
  • Related to #6116
  • Is duplicate of #11897
Edited May 15, 2020 by intrigeri
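
One way to handle a persisted seed once the persistent volume is unlocked, as an added example that is not part of the original issue and not Tails code: mix the saved seed into the kernel pool, then replace it at once so the same seed is never loaded in two sessions. The function name `carry_seed`, its parameters and the seed path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Tails code). Call it from whatever hook runs after the
# persistent volume is mounted; the seed path below is a placeholder.
#
#   carry_seed /path/to/persistent/random-seed
#
# Usage: carry_seed SEED_FILE [POOL_DEV] [SEED_BYTES]
# Prints "loaded" if an existing seed was mixed in, "created" on first use.
# The body runs in a subshell so the umask change does not leak to the caller.
carry_seed() (
    seed_file=$1
    pool_dev=${2:-/dev/urandom}   # overridable so the logic can be tested
    seed_bytes=${3:-512}

    umask 077                     # the seed must not be readable by others
    seed_dir=$(dirname "$seed_file")
    mkdir -p "$seed_dir" || exit 1

    # 1. Mix the seed saved by the previous session into the pool.
    #    Writing to /dev/urandom stirs the data in without crediting any
    #    entropy, so a stale or disclosed seed cannot make the pool weaker.
    if [ -s "$seed_file" ]; then
        cat "$seed_file" > "$pool_dev" || exit 1
        status=loaded
    else
        status=created
    fi

    # 2. Replace the seed immediately rather than at shutdown, so an unclean
    #    power-off never leaves the seed that was just used on disk.
    #    Write to a temporary file and rename it so a crash cannot leave a
    #    truncated seed behind.
    tmp=$(mktemp "$seed_dir/.random-seed.XXXXXX") || exit 1
    if ! head -c "$seed_bytes" /dev/urandom > "$tmp"; then
        rm -f "$tmp"
        exit 1
    fi
    sync
    mv -f "$tmp" "$seed_file" || { rm -f "$tmp"; exit 1; }

    echo "$status"
)
```

Because the seed only becomes available after persistence is enabled, this does nothing for consumers of randomness earlier in boot, which is the limitation the issue notes.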