[Bug 1098299] Re: entropy pool should be seeded earlier in boot process
Colin Watson
cjwatson at canonical.com
Fri Jan 11 11:17:51 UTC 2013
initscripts currently contains no Upstart jobs, and arguably shouldn't.
I suspect that we may need to put the converted urandom job in the
upstart package, though it's worth checking with James and/or Steve.

I've added a couple of tasks for installer packages, because these need
to ensure that the entropy pool from installation is saved for first
boot. This should significantly improve the entropy available at first
boot, which is probably poorer than necessary right now.
** Also affects: installation-report (Ubuntu)
Importance: Undecided
Status: New
** Also affects: ubiquity (Ubuntu)
Importance: Undecided
Status: New
** Changed in: openssh (Ubuntu)
Status: New => Triaged
** Changed in: installation-report (Ubuntu)
Status: New => Triaged
** Changed in: sysvinit (Ubuntu)
Status: New => Triaged
** Changed in: ubiquity (Ubuntu)
Status: New => Triaged
** Changed in: openssh (Ubuntu)
Importance: Undecided => High
** Changed in: sysvinit (Ubuntu)
Importance: Undecided => High
** Changed in: ubiquity (Ubuntu)
Importance: Undecided => High
** Changed in: installation-report (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sysvinit in Ubuntu.
https://bugs.launchpad.net/bugs/1098299
Title:
entropy pool should be seeded earlier in boot process
Status in “installation-report” package in Ubuntu:
Triaged
Status in “openssh” package in Ubuntu:
Triaged
Status in “sysvinit” package in Ubuntu:
Triaged
Status in “ubiquity” package in Ubuntu:
Triaged
Bug description:
Currently, the entropy pool is seeded by /etc/init.d/urandom. This
should be done earlier in the boot process by an upstart job, and
should be done before the ssh daemon is started.

Although the ssh keys are generated on package install, openssh uses
openssl's PRNG which is seeded on boot for ephemeral keys.

See https://factorable.net/weakkeys12.extended.pdf for more
information.
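
The seed carry-over that the comment and the bug description above refer to (save pool output at install or shutdown, load it early at boot before sshd starts) can be sketched as two shell functions. This is an added example, not Ubuntu's urandom script or installer code; the function names, the 512-byte seed size and the paths in the usage comment are assumptions, and the pool device is a parameter so the logic can be exercised on scratch files.

```shell
#!/bin/sh
# Added example (not the project's code). SEED_BYTES is an assumed size.
SEED_BYTES=512

# save_seed POOL SEED
# Read SEED_BYTES from POOL and install them as SEED atomically, mode 0600,
# so a crash never leaves a truncated or world-readable seed behind.
save_seed() {
    pool=$1 seed=$2
    tmp="$seed.tmp.$$"
    ( umask 077
      dd if="$pool" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null ) || return 1
    # A short read would silently weaken the next boot: reject it.
    [ $(wc -c < "$tmp") -eq "$SEED_BYTES" ] || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$seed"
}

# load_seed POOL SEED
# Mix SEED into POOL, then replace SEED straight away so the same bytes
# are never fed into two boots (for example after a power loss).
# Returns 2 when no seed exists; the caller should log that and carry on.
load_seed() {
    pool=$1 seed=$2
    [ -s "$seed" ] || return 2
    # On Linux, writing to /dev/urandom mixes the data into the pool but
    # credits no entropy; it only helps if the seed stayed secret.
    cat "$seed" > "$pool" || return 1
    save_seed "$pool" "$seed"
}

# Hypothetical usage (paths are placeholders, not taken from the bug):
#   installer, at end of install:  save_seed /dev/urandom /target/SEED_PATH
#   early boot, before sshd:       load_seed /dev/urandom /SEED_PATH
```

Whatever init system runs `load_seed`, the ordering requirement from the bug description is the point: it has to complete before any daemon that draws from the PRNG is started.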