[Whonix-devel] How to confirm jitter .ko was loaded

Patrick Schleizer adrelanos at riseup.net
Tue Apr 30 13:41:00 CEST 2019


Hello Stephan,

Thank you for all your kernel work and for answering us here, appreciated!

On https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972 I asked
Debian kernel maintainers to consider enabling the jitter kernel module
by default.

Would you wish to share your thoughts on this?

Kind regards,
Patrick

-------- Forwarded Message --------
Subject: Re: Bug#927972: jitterentropy_rng.ko never loads
Date: Tue, 30 Apr 2019 11:38:00 +0000
From: Patrick Schleizer <adrelanos at riseup.net>
To: Luca Boccassi <bluca at debian.org>, 927972 at bugs.debian.org,
procmem at riseup.net <procmem at riseup.net>

On https://www.whonix.org/pipermail/whonix-devel/2019-April/001371.html
its developer wrote:

> [...]
> - the in-kernel crypto API has an RNG framework that provides a DRBG. This
> DRBG is used for in-kernel crypto API purposes. It may be accessed from user
> space via AF_ALG [2]. Yet, this is not accessible from /dev/random,
> /dev/urandom or getrandom. The DRBG uses the in-kernel JitterRNG to seed itself.
> [...]

Better entropy for in-kernel crypto API purposes sounds good as a
general security enhancement.

Fedora enables this kernel module by default, too.

Does this sound like a good idea to enable loading this kernel module by
default in Debian?
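
One way to check, from /proc/crypto, whether the JitterRNG and the DRBG mentioned in the quoted text are registered with the kernel crypto API. This is an added example, not part of the original e-mail and not Whonix or Debian code; the sample text is constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed, abridged sample in the /proc/crypto layout (not from a real host).
# The "module" field reads "kernel" when the algorithm is built in.
SAMPLE = """\
name         : stdrng
driver       : drbg_nopr_hmac_sha256
module       : drbg
selftest     : passed
type         : rng

name         : jitterentropy_rng
driver       : jitterentropy_rng
module       : jitterentropy_rng
selftest     : passed
type         : rng

name         : sha256
driver       : sha256-generic
module       : kernel
selftest     : passed
type         : shash
"""

def parse_proc_crypto(text):
    """Return one dict per blank-line-separated /proc/crypto entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def rng_status(text):
    """Summarise the JitterRNG and DRBG registrations found in the text."""
    rngs = [e for e in parse_proc_crypto(text) if e.get("type") == "rng"]
    jitter = [e for e in rngs if e.get("driver") == "jitterentropy_rng"]
    return {
        "jitter_registered": bool(jitter),
        "jitter_selftest_ok": bool(jitter) and all(e.get("selftest") == "passed" for e in jitter),
        "jitter_provider": jitter[0].get("module") if jitter else None,
        "drbg_drivers": sorted(e["driver"] for e in rngs if e.get("driver", "").startswith("drbg_")),
    }

if __name__ == "__main__":
    print(rng_status(SAMPLE))  # on a live host, pass open("/proc/crypto").read()
```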
