From owner-freebsd-security Thu Mar 27 11:30:56 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA12700 for security-outgoing; Thu, 27 Mar 1997 11:30:56 -0800 (PST) Received: from sovcom.kiae.su (sovcom.kiae.su [193.125.152.1]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id LAA12684; Thu, 27 Mar 1997 11:30:45 -0800 (PST) Received: by sovcom.kiae.su id AA13857 (5.65.kiae-1 ); Thu, 27 Mar 1997 22:19:41 +0300 Received: by sovcom.KIAE.su (UUMAIL/2.0); Thu, 27 Mar 97 22:19:40 +0300 Received: (from ache@localhost) by nagual.ru (8.8.5/8.8.5) id WAA00894; Thu, 27 Mar 1997 22:17:58 +0300 (MSK) Date: Thu, 27 Mar 1997 22:17:56 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= To: Joerg Wunsch , markm@freebsd.org Cc: security@freebsd.org Subject: ATTENTION: Initial state of random pool Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Recent Joerg report about fortune behaviour make me think about initial state of /dev/random, i.e. what happens when rndcontrol not called at all and no keys pressed (or the same key sequence, because it relays on scancode)? I fear that pool state is very predicted in this case. If I right, we need to do something to have true random in the pool even without rndcontrol tool (it called even after daemons started, so daemons can't use its advantages in any case!). I.e. add some timer randomness at the kernel boot state and allows rndcontrol-style IRQ set in kernel configure file. I see blkdev randomness commented out in the code, maybe we can re-activate it? If my fears are true, we need to fix it ASAP. Any ideas? -- Andrey A. Chernov http://www.nagual.ru/~ache/