From: Mark Murray
To: "Louis A. Mamakos"
Cc: current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
Date: Mon, 17 Jul 2000 16:54:54 +0200
Message-Id: <200007171454.QAA00856@grimreaper.grondar.za>
In-Reply-To: <200007171319.JAA04774@whizzo.transsys.com>

> > I agree that it is not (very) random; however clock jitter and keystroke
> > timing can help thwart the bad guys...
>
> But do please keep in mind that many of my FreeBSD platforms have neither
> keyboard or mouse. And for the ones that do, they tend not to get used
> until long after the system boots. It's essential that the randomness
> harvesting also be driven off of other events, such as network interface
> or storage system interrupts for these environments.

Agreed. I have already committed a "persistent" entropy cache that
reseeds the random device on reboot.

> In fact, it would be rather interesting to have a configuration flag which
> always forces something like an fsck on a file system in order to provide
> some entropy to the random device. Or some other user-exposed way of
> providing entropy. I might have some data on disk, or some network
> operations which can be performed to help seed the entropy pool.

I'm (er, phk is) looking at hooking namei() in some way.
I'm also going to hook the networking stack.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org