From owner-freebsd-security Sun Mar 30 03:26:07 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id DAA20415 for security-outgoing; Sun, 30 Mar 1997 03:26:07 -0800 (PST) Received: from minor.stranger.com (stranger.vip.best.com [204.156.129.250]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id DAA20410 for ; Sun, 30 Mar 1997 03:26:00 -0800 (PST) Received: from dog.farm.org (dog.farm.org [207.111.140.47]) by minor.stranger.com (8.6.12/8.6.12) with ESMTP id DAA15727; Sun, 30 Mar 1997 03:27:42 -0800 Received: (from dk@localhost) by dog.farm.org (8.7.5/dk#3) id DAA24526; Sun, 30 Mar 1997 03:31:46 -0800 (PST) Date: Sun, 30 Mar 1997 03:31:46 -0800 (PST) From: Dmitry Kohmanyuk Message-Id: <199703301131.DAA24526@dog.farm.org> To: ache@nagual.ru (=?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?=) Cc: freebsd-security@freebsd.org Subject: Re: ATTENTION: Initial state of random pool Newsgroups: cs-monolit.gated.lists.freebsd.security Organization: FARM Computing Association Reply-To: dk+@ua.net X-Newsreader: TIN [version 1.2 PL2] Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article you wrote: > 4a) We need remove rndcontrol from rc.i386 (leaving it as user-land > utility) and add all interrupts to kernel config file, i.e. > something like: > option RAND_INTS "5 7 10 11" > or something more suitable. I think it's much better to have them specified per-device. Having PCI cards in the system (for network and disk, which are both good sources of entropy) means that I have to maintain driver-to-IRQ mapping in sync by carefully looking at dmesg output ;-) And it can change even if I swap slots for the cards. hmm, how it would work in presence of PCI irq sharing?