- https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/update-random-seed-sector?h=feature/11897-improve-random-seed-file
- https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-bottom/update-kernel-command-line-random-seed?h=feature/11897-improve-random-seed-file
- https://git-tails.immerda.ch/kurono/tails/log/?h=feature/11897-improve-random-seed-file
- Increase size of random seed in the kernel command-line (#16980), Tails GitLab issue - using a grub variable (not implemented at time of writing)
- Persistent Storage feature: random seed (#11897), Tails GitLab issue
- Ensure enough entropy is available when setting up persistence (#16891), Tails GitLab issue
Quote from Persistent Storage feature: random seed (#11897), Tails GitLab issue, updated by cypherpunks 6 months ago:
Some explanation would help. My sources for using 512 bytes are https://linux.die.net/man/4/urandom and linux/drivers/char/random.c at master · torvalds/linux · GitHub. Of course restoring any entropy at all is better than none, but why do you think 32 or 16 would be “plenty”?
The pool is 512 bytes in size, but you only need 32 or 16 bytes (256 or 128 bits, respectively) to achieve cryptographic security. In fact, /dev/urandom since Linux 4.8 uses ChaCha20 with a 256 bit (32 byte) seed.
Can anyone confirm this from an authoritative source? 32 bit / 4 byte would be more than small enough to be added to the kernel command line without breaking usability.
An answer to that would also help with twuewand - a truerand algorithm for generating entropy - Whonix integration.