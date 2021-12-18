from the chaos-monkey dept.
Recent upgrades that depend on the new Linux getrandom() syscall can cause OpenSSH to delay starting for tens of minutes while waiting for enough bytes of randomness. There are currently not any feasible work-arounds.
Systemd makes this behaviour worse, see issue #4271, #4513 and #10621.
Basically as of now the entropy file saved as /var/lib/systemd/random-seed will not - drumroll - add entropy to the random pool when played back during boot. Actually it will. It will just not be accounted for. So Linux doesn't know. And continues blocking getrandom(). This is obviously different from SysVinit times when /var/lib/urandom/random-seed (that you still have laying around on updated systems) made sure the system carried enough entropy over reboot to continue working right after enough of the system was booted.
#4167 is a re-opened discussion about systemd eating randomness early at boot (hashmaps in PID 0...). Some Debian folks participate in the recent discussion and it is worth reading if you want to learn about the mess that booting a Linux system has become.
While we're talking systemd ... #10676 also means systems will use RDRAND in the future despite Ted Ts'o's warning on RDRAND [Archive.org mirror and mirrored locally as 130905_Ted_Tso_on_RDRAND.pdf, 205kB as Google+ will be discontinued in April 2019].
Related post: OneRNG: a Fully-Open Entropy Generator (2014)
Related Stories
The OneRNG is an Open Hardware, Open Source, simple and verifiable USB-connected source of entropy; we do not ask you to "trust" us, we give you the ability to verify for yourself that the OneRNG does what we claim, and that it does nothing else.
OneRNG collects entropy from an avalanche diode circuit, and from a channel-hopping RF receiver. It even has a “tinfoil hat” to prevent RF interference — you can remove the hat in order to visually verify the components being used.
You rely on a high-quality source of random numbers to maintain your privacy and security in computer communication; but computers have too few sources of truly random data for the demands we place upon them. Increasingly we have been distrusting the solutions given to us by others, as they are shown to be weak in so many ways - because of faults in implementation, in design, or due to subversion by attackers who simply do not care about the consequences of their actions (I'm looking at you, NSA).
In general usage, we recommend that you use the OneRNG as an entropy source for your operating system's own RNG software; this allows you to consume extremely large quantities of random data without either blocking or reducing the quality of the data.
http://onerng.info
[Additional Info]:
http://moonbaseotago.com/onerng/
http://www.theregister.co.uk/2014/11/17/meet_onerng_a_fullyopen_entropy_generator_for_a_paranoid_age/