Re: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]



Are you stating that /dev/urandom is not available on the machine you are
using? You are using Linux I believe. What version of Linux does not have
/dev/urandom. Note that /dev/random, which should also be available, should
not be used. It has the same strength as urandom, but can block indefinitely
if it thinks it does not have enought "entropy" to finish delivering the bytes
it thinks it needs (esssentially /dev/random does not deliver more bytes that
contained in its "seed" which is harvested from various "randomness" sources
like disk access times, typing intervals,.... Unfortunately things like the
RP computers have no disks, or keyboards, etc. and so as I understand it, play badly with /dev/random (ie, run out of seed easily and thus could block.)

On Wed, 3 Aug 2022, Hal Murray wrote:

[CAUTION: Non-UBC Email]

mlichvar@xxxxxxxxxx said:
Is OpenSSL required in NTPsec? chrony can be built with no crypto library, so
it needs a random generator that's always available. That's /dev/urandom.

Not currently.  Thanks for the suggestion.

--
These are my opinions.  I hate spam.




--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.



--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/