Red Hat Bugzilla – Bug 31521
/etc/rc.d/init/random generator's state gets deleted on startup
Last modified: 2014-03-16 22:19:45 EDT
In /etc/rc.d/init/random we preserve the status of the builtin random
generator on shutdown:
    # Carry a random seed from shut-down to start-up
    # Save 512 bytes, which is the size of the entropy pool
    chmod 600 $random_seed
    action "Saving random seed" dd if=/dev/urandom of=$random_seed count=1
but on the subsequent startup, we delete the /var/run/random-seed file in
    # Clean up /var
    # I'd use find, but /usr may not be mounted.
    for afile in /var/lock/* /var/run/*; do
        if [ -d "$afile" ]; then
            # directories are emptied (except news and sudo) ...
            [ "`basename $afile`" != "news" -a "`basename $afile`" != "sudo" ] && rm -f $afile/*
        else
            # ... and plain files, including random-seed, are removed outright
            rm -f $afile
        fi
    done
We could add to rc.sysinit to leave that file alone, but it would be
cleaner to save the random state in a different directory that doesn't get
Steps to Reproduce:
1. just look at it - in the random start) section we always just create the
file from scratch, because it has been deleted just before.
This bug might open a potential security hole with generated keys using
that random generator. It severely cuts down on the phase space for the
seed value, and makes things like ssh keys easier to break. In the best of
circumstances, the 512 bytes are filled with random bits at power up, but
if the BIOS runs a memory test at power-on, it might be much more
predictable, depending on the hardware and setup.
It's in 6.x and 7.x distributions alike.
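The shutdown/startup sequence described in the report, replayed in a scratch directory as an added example (this is not code from the bug report or from the Red Hat init scripts): the seed saved under /var/run is wiped by the rc.sysinit cleanup loop before the random start section runs, while the same seed kept under /var/lib survives. The fake root, the helper names and the "reused"/"fresh" outcomes are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed fake root standing in for / so nothing on the real system is touched.
ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/var/run" "$ROOT/var/lock" "$ROOT/var/lib"

# Shutdown half of the random init script: dump 512 bytes of pool state
# (dd's default block size) into the seed file, readable by root only.
save_seed() {
    seed="$1"
    dd if=/dev/urandom of="$seed" count=1 2>/dev/null
    chmod 600 "$seed"
}

# The rc.sysinit cleanup loop quoted in the report, pointed at the fake root:
# directories under /var/lock and /var/run are emptied (news and sudo are
# spared), plain files are removed outright.
cleanup_var() {
    for afile in "$ROOT"/var/lock/* "$ROOT"/var/run/*; do
        [ -e "$afile" ] || continue          # glob matched nothing
        if [ -d "$afile" ]; then
            name=$(basename "$afile")
            if [ "$name" != "news" ] && [ "$name" != "sudo" ]; then
                rm -f "$afile"/*
            fi
        else
            rm -f "$afile"
        fi
    done
}

# Startup half: report whether a carried-over seed is still there ("reused")
# or whether the file has to be created from scratch ("fresh"), which is the
# situation the report describes: the pool is never fed the saved state.
start_random() {
    if [ -f "$1" ]; then
        echo reused
    else
        echo fresh
    fi
}

# One shutdown -> boot cycle for a given seed path.
boot_cycle() {
    save_seed "$1"
    cleanup_var
    start_random "$1"
}

echo "/var/run seed: $(boot_cycle "$ROOT/var/run/random-seed")"   # fresh
echo "/var/lib seed: $(boot_cycle "$ROOT/var/lib/random-seed")"   # reused
```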
Will be fixed in 5.76-1; I changed it to write it to /var/lib.