Message-Id: <200101121636.f0CGaBs81266@harmony.village.org>
To: Doug Barton
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh
Cc: Matt Dillon, Mark Murray, Sheldon Hearn, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
In-reply-to: Your message of "Fri, 12 Jan 2001 00:46:37 PST." <3A5EC46D.A912BC6F@FreeBSD.org>
References: <3A5EC46D.A912BC6F@FreeBSD.org> <200101120644.f0C6hvI12630@gratis.grondar.za> <200101120534.f0C5YYH96390@earth.backplane.com> <200101120652.f0C6qls78578@harmony.village.org> <200101120711.f0C7B4Y97991@earth.backplane.com>
Date: Fri, 12 Jan 2001 09:36:11 -0700
From: Warner Losh

In message <3A5EC46D.A912BC6F@FreeBSD.org> Doug Barton writes:
: Since no one seems to actually be reading my posts, let me reiterate
: something. /etc/rc does the following in the early stages right now:

I read your posts. Please do not characterize things otherwise.

: In case I haven't made it clear yet, I would really love to do away with
: the "gross hacks" that make 3. work, and postpone reading in the "real"
: entropy seeding till we get past 9. Up till we actually had offers of
: help today, IT WAS NOT POSSIBLE TO MOUNT -A RELIABLY BECAUSE /DEV/RANDOM
: WOULD BLOCK.

Unless we were to modify /dev/random to not block until the first write to it. We're all aware of this.

: Hopefully that will be the last time I have to say it. Now,
: are you sure that ccdconfig, vinum, fsck, and mount* (other than nfs)
: will work with a "weak" amount of randomness?

We've answered this. They need good random numbers, but not cryptographically secure random numbers.

: Apparently it makes sense to Schneier. For the initial commit Mark just
: gave me something approximating the recommended values. I ran with the
: stuff for a couple days and never even noticed it. I did start to think
: however that the 8 seeds would probably really only be useful at boot
: time, so it might make more sense to run it every 3 minutes for an hour
: after boot, then every N minutes thereafter. However, I needed to do
: some research on our new(ish) ability to schedule cron jobs for @boot,
: or whatever the hell it is.

Anything that runs once every three minutes is going to be strongly resisted. Lots of people aren't going to like it.

: As stated, Warner's suggestion is a good one, presuming that Mark is
: satisfied regarding being able to provide sufficient entropy to
: kickstart yarrow, AND that we're sure none of the things listed above in
: 4-9 need strong randomness to work.

I'm still waiting to hear back from Mark on the non-blocking idea.

In the meantime, I would like to say that I appreciate your efforts, even if they aren't exactly what I'd do.

Warner