From owner-freebsd-current Sun Jul 16 12:55:04 2000
Delivered-To: freebsd-current@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 542)
	id 42BBF37B6D6; Sun, 16 Jul 2000 12:55:02 -0700 (PDT)
Date: Sun, 16 Jul 2000 12:55:02 -0700
From: "Andrey A. Chernov"
To: Mark Murray
Cc: Bill Fumerola, current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <20000716125502.B89979@freebsd.org>
References: <20000716152631.G51462@jade.chc-chimes.com> <200007161942.VAA04096@grimreaper.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <200007161942.VAA04096@grimreaper.grondar.za>; from mark@grondar.za on Sun, Jul 16, 2000 at 09:42:29PM +0200
Organization: Biomechanoid
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Jul 16, 2000 at 09:42:29PM +0200, Mark Murray wrote:
> > On Sun, Jul 16, 2000 at 08:26:44PM +0200, Mark Murray wrote:
> >
> > > Gotcha - fix coming; I need to stash some randomness at shutdown time, and
> > > use that to reseed the RNG at reboot time.
> >
> > ... and for installations where ssh-keygen is run the first time
> > the system boots?
>
> The situation is _worse_; the entropy is minimal, and is _very_ attackable.

What's wrong with timers for entropy (I mean high resolution ones)?
Really we need only a few bytes of entropy and can use them to seed the RNG
for the first time if no true randomness is available.

To be joking: MD5 of kernel module can help too :-)

-- 
Andrey A. Chernov
http://ache.pp.ru/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
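The thread argues over two things: Mark's plan to stash randomness at shutdown and reseed from it at reboot, and Andrey's suggestion that a high-resolution timer supplies the "few bytes" needed for a first seed. The following is an added example, written for this page and not code from the thread or from FreeBSD's randomdev. It shows the shutdown-stash/boot-reseed cycle (with the seed file overwritten immediately at boot so a crash cannot replay the same seed) and a conservative min-entropy estimate over a batch of constructed timer readings, which makes concrete how little a coarse timer contributes per sample. The seed-file path, the `reseed-v1` domain label, and the timer readings are all assumptions made for the example.

```python
"""Boot-time reseeding from a stashed seed plus timer readings, and a
min-entropy estimate of what a timer source is actually worth.
Added example for this thread; not FreeBSD code."""
import hashlib
import math
import os
from collections import Counter

# Hypothetical seed-file location chosen for the example; the thread names none.
SEED_FILE = "/var/db/entropy-seed.example"
SEED_LEN = 32


def min_entropy_bits(samples):
    """Min-entropy per sample: -log2(probability of the most common value).
    This conservative figure is what an attacker's single best guess faces."""
    counts = Counter(samples)
    return -math.log2(max(counts.values()) / len(samples))


def timer_low_bits(readings, bits=8):
    """Keep only the low `bits` bits of each reading: the high bits of a
    counter are just elapsed time and are predictable to anyone nearby."""
    mask = (1 << bits) - 1
    return [r & mask for r in readings]


def entropy_budget_bits(readings, bits=8):
    """Bits credited to a whole batch, assuming independent samples.
    Independence is optimistic for a timer: consecutive reads are correlated,
    so treat this as an upper bound, not a guarantee."""
    return min_entropy_bits(timer_low_bits(readings, bits)) * len(readings)


# Constructed timer readings for the demo: 16 counter values whose low byte
# only ever takes four distinct values, as a coarse-ticking clock would give.
# Multiples of 65536 keep the low byte exactly equal to the chosen pattern.
CONSTRUCTED_READINGS = [
    65536 * i + low for i, low in enumerate([0x10, 0x40, 0x70, 0xA0] * 4)
]


def derive_seed(stored_seed, readings):
    """Mix the seed stashed at the previous shutdown with fresh timer readings.
    Hashing both means a weak timer cannot make the result worse than the
    stored seed alone; a missing seed file degrades to timer-only input."""
    h = hashlib.sha256()
    h.update(b"reseed-v1")                       # domain label (assumed)
    h.update(len(stored_seed).to_bytes(4, "little"))
    h.update(stored_seed)
    for r in readings:
        h.update(r.to_bytes(8, "little", signed=False))
    return h.digest()


def load_seed(path):
    """Return the stashed seed, or b"" on the very first boot (no file yet)."""
    try:
        with open(path, "rb") as f:
            return f.read()
    except FileNotFoundError:
        return b""


def save_seed(path, seed):
    """Atomic, owner-only write followed by fsync, so a crash mid-write never
    leaves a truncated or world-readable seed file behind."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(seed)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)


def reseed_at_boot(path, readings):
    """Consume the stashed seed, derive the RNG seed, and immediately stash a
    fresh value so the same seed is never reused if the machine crashes
    before the next orderly shutdown rewrites the file."""
    old = load_seed(path)
    new_seed = derive_seed(old, readings)
    save_seed(path, hashlib.sha256(b"next-boot" + new_seed).digest())
    return new_seed


if __name__ == "__main__":
    per_read = min_entropy_bits(timer_low_bits(CONSTRUCTED_READINGS))
    print(f"min-entropy per reading: {per_read:.2f} bits")
    print(f"credited for {len(CONSTRUCTED_READINGS)} readings: "
          f"{entropy_budget_bits(CONSTRUCTED_READINGS):.1f} bits")
    print("readings needed for 128 bits:", math.ceil(128 / per_read))
    seed = reseed_at_boot("/tmp/entropy-seed.example", CONSTRUCTED_READINGS)
    print("boot seed:", seed.hex())
```

With the constructed readings the estimate credits 2 bits per sample, so a 128-bit seed needs 64 independent readings even before discounting the correlation between consecutive timer reads; the stored seed is what makes the boot-time value safe on a machine that has booted before, while a first-boot `ssh-keygen` run sees only the timer term.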