[Just in case, for some reason, this entropy collection is critical for mobile, I have put this in core-security.] Even if we could otherwise defer the loading of PKCS#11 modules until after startup, then I believe that the call to PK11_RandomUpdate in nsNSSComponent::RandomUpdate that happens early on would force us to load one or all PKCS#11 modules during startup. Note: nsNSSComponent::RandomUpdate is called during the processing of (some) mouse movement events. I am not sure how useful this type of entropy collection is. If it is really important, than we have a big problem on mobile, since there are no mouse movement events. If it isn't important enough for mobile to need it, then how useful could it possibly be for desktop? See also bug 520411 and the bugs that are referred to in the comments of that bug, in particular bug 88847, bug 80841, and bug 57985.
As it stands this doesn't sound like we have a current entropy problem so "sg:nse", but might if this change were made. sounds more like a security review request.
Whiteboard: [ts] → [ts][sg:nse]
bug 883718 removed the call to PK11_RandomUpdate.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.