From owner-freebsd-current Mon Jul 17 8:25:26 2000 Delivered-To: freebsd-current@freebsd.org Received: from blizzard.sabbo.net (blizzard.sabbo.net [193.193.218.18]) by hub.freebsd.org (Postfix) with ESMTP id C280137BA13 for ; Mon, 17 Jul 2000 08:25:10 -0700 (PDT) (envelope-from sobomax@FreeBSD.org) Received: from vic.sabbo.net (root@vic.sabbo.net [193.193.218.106]) by blizzard.sabbo.net (8.9.1/8.9.3) with ESMTP id RAA27844; Mon, 17 Jul 2000 17:59:57 +0300 (EEST) Received: from FreeBSD.org (big_brother.vega.com [192.168.1.1]) by vic.sabbo.net (8.9.3/8.9.3) with ESMTP id SAA17491; Mon, 17 Jul 2000 18:01:28 +0300 (EEST) (envelope-from sobomax@FreeBSD.org) Message-ID: <39731FC5.34D3074D@FreeBSD.org> Date: Mon, 17 Jul 2000 18:01:25 +0300 From: Maxim Sobolev Organization: Vega International Capital X-Mailer: Mozilla 4.73 [en] (WinNT; I) X-Accept-Language: uk,ru,en MIME-Version: 1.0 To: Mark Murray Cc: "Louis A. Mamakos" , current@FreeBSD.org Subject: Re: randomdev entropy gathering is really weak References: <200007171319.JAA04774@whizzo.transsys.com> <200007171454.QAA00856@grimreaper.grondar.za> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Mark Murray wrote: > > > I agree that it is not (very) random; however cclock jitter and keystroke > > > timing can help thwart the bad guys... > > > > But do please keep in mind that many of my FreeBSD platforms have neither > > keyboard or mouse. And for the ones that do, they tend not to get used > > until long after the system boots. It's essential that the randomness > > harvesting also be driven off of other events, such as network interface > > or storage system interrupts for these environments. > > Agreed. I have already committed a "persistent" entropy cache that > reseeds the random device on reboot. > You may also want to extend /etc/crontab to periodically save entropy. This would help if something unexpected like halt(8) or panic(9) happened. -Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message