From owner-freebsd-current Mon Jul 17 6:58: 4 2000
Delivered-To: freebsd-current@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131])
	by hub.freebsd.org (Postfix) with ESMTP id 60AF037B64D;
	Mon, 17 Jul 2000 06:57:59 -0700 (PDT)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.9.3/8.9.3) with ESMTP id PAA02615;
	Mon, 17 Jul 2000 15:57:36 +0200 (CEST)
	(envelope-from phk@critter.freebsd.dk)
To: alex@big.endian.de (Alexander Langer)
Cc: "Louis A. Mamakos", Mark Murray, "Andrey A. Chernov", current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
In-reply-to: Your message of "Mon, 17 Jul 2000 15:45:49 +0200." <20000717154549.A18676@cichlids.cichlids.com>
Date: Mon, 17 Jul 2000 15:57:36 +0200
Message-ID: <2613.963842256@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20000717154549.A18676@cichlids.cichlids.com>, Alexander Langer writes:
>Thus spake Poul-Henning Kamp (phk@critter.freebsd.dk):
>
>> I have thought about adding a entropy server to my array of weird
>> servers in my lab. Something like a Geiger counter and a smokedetector
>> could do wonders.
>
>HA! Cool!
>
>Do that please!
>
>I mean, seriously.
>And an option to sysinstall, where you can enable this as you can with
>ntpdate :)

DuH!

NTP is the perfect way to gather entropy at bootup!

Predicting the clock's offset from reality and the two way path to
the server of choice is impossible, plus if people enable authentication
later on the packets will be choke full of high-quality entropy.

We need an enterprising soul to add an option (default on) to ntpdate
to write the received packets in toto to /dev/random if it exists.

If somebody does this, I will spear-head the effort of getting it
into the ntpv4 sources (Hmm, don't I have a commit bit there already ?
Can't remember...)

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
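
The proposal in the message above, as an added example (not ntpdate or ntpv4 source, and not part of the original mail): it derives the clock offset and round-trip delay from a reply's timestamps using the standard NTP formulas, then writes the packet whole to the random device if it exists. The function names `ntp_offset_delay` and `stir_packet` and the sample packet are assumptions made for illustration.

```c
/* Added example, not ntpdate source; function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* 64-bit NTP timestamp (big-endian 32.32 fixed point) as seconds. */
static double ntp_ts(const unsigned char *p)
{
    uint32_t s = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    uint32_t f = (uint32_t)p[4] << 24 | (uint32_t)p[5] << 16 | (uint32_t)p[6] << 8 | p[7];
    return s + f / 4294967296.0;
}

/* Offset and round-trip delay for a reply that arrived at local time t4. */
int ntp_offset_delay(const unsigned char *pkt, size_t len, double t4, double *off, double *dly)
{
    if (len < 48) return -1;          /* shorter than the fixed NTP header */
    double t1 = ntp_ts(pkt + 24);     /* originate: client send time */
    double t2 = ntp_ts(pkt + 32);     /* receive: server arrival time */
    double t3 = ntp_ts(pkt + 40);     /* transmit: server send time */
    *off = ((t2 - t1) + (t3 - t4)) / 2.0;
    *dly = (t4 - t1) - (t3 - t2);
    return 0;
}

/* Write the packet whole. Returns bytes written, 0 if dev is absent, -1 on error. */
long stir_packet(const char *dev, const unsigned char *pkt, size_t len)
{
    int fd = open(dev, O_WRONLY);
    if (fd < 0) return errno == ENOENT ? 0 : -1;
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, pkt + done, len - done);
        if (n < 0 && errno == EINTR) continue;   /* interrupted, retry */
        if (n <= 0) { close(fd); return -1; }
        done += (size_t)n;
    }
    close(fd);
    return (long)done;
}

int main(void)
{
    unsigned char pkt[48] = {0};      /* constructed reply, not captured traffic */
    double off = 0, dly = 0;
    pkt[27] = 100; pkt[35] = 100; pkt[36] = 0x80; pkt[43] = 100; pkt[44] = 0xC0;
    ntp_offset_delay(pkt, sizeof pkt, 100.5, &off, &dly);
    printf("offset %.3f delay %.3f stirred %ld\n", off, dly, stir_packet("/dev/random", pkt, sizeof pkt));
}
```

On Linux a plain write to the random device mixes the bytes into the pool without raising the kernel's entropy estimate; the example relies only on that mix-in behaviour.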