Date: Fri, 28 Mar 1997 09:13:12 +0200
From: Mark Murray <mark@grondar.za>
To: Андрей Чернов <ache@nagual.ru>
Cc: Mark Murray <mark@grondar.za>, Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>, markm@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ATTENTION: Initial state of random pool
Message-ID: <199703280713.JAA09258@grackle.grondar.za>

Андрей Чернов wrote:
> > At the moment, the pool of randomness is stirred far too often by MD5. I
> > have some more recent code by Ted Ts'o which uses SHA, and is improved in
> > other ways.
>
> Hmm, I am not talking about improvements right now, only about bugfixes...

Oh, OK. I am planning a huge improvement in the long(ish) term. In the
meanwhile, I am sure I can come up with some decent muck to prime the pool.

> To summarize what I want:
>
> 1) We need to check if at least _one_ true random word added after
>    boot just to be sure that daemons can use /dev/urandom.
>
> 2) If it happens, go to 4)
>
> 3) We need to add this random word, f.e. from timer.
>
> 4a) We need to remove rndcontrol from rc.i386 (leaving it as user-land
>     utility) and add all interrupts to kernel config file, i.e.
>     something like:
>     option RAND_INTS "5 7 10 11"
>     or something more suitable.
>
> or
>
> 4b) We need to start rndcontrol as early as possible in /etc/rc
>     (I think 4a is better)

Should be easy. I'll look at this over the next few days.

M
--
Mark Murray                PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn.                        BC 06 EA 0E 7A F2 CE CE

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703280713.JAA09258>