From owner-cvs-all Fri Jan 12 13:14:45 2001 Delivered-To: cvs-all@freebsd.org Received: from dt051n37.san.rr.com (dt051n37.san.rr.com [204.210.32.55]) by hub.freebsd.org (Postfix) with ESMTP id 17A0A37B400; Fri, 12 Jan 2001 13:14:22 -0800 (PST) Received: from slave (Studded@slave [10.0.0.1]) by dt051n37.san.rr.com (8.9.3/8.9.3) with ESMTP id NAA25067; Fri, 12 Jan 2001 13:13:50 -0800 (PST) (envelope-from DougB@gorean.org) Date: Fri, 12 Jan 2001 13:13:46 -0800 (PST) From: Doug Barton X-X-Sender: To: Warner Losh Cc: Mark Murray , , Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh In-Reply-To: <200101121636.f0CGaBs81266@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 12 Jan 2001, Warner Losh wrote: > In message <3A5EC46D.A912BC6F@FreeBSD.org> Doug Barton writes: > : Since no one seems to actually be reading my posts, let me reiterate > : something. /etc/rc does the following in the early stages right now: > > I read your posts. Please do not characterize things otherwise. Sorry for the overly broad brush. You may not have noticed, but I was a little frustrated yesterday. I did comment that I thought your suggestions had merit when I attempted to move the thread to a more appropriate list and subject, however that mission failed miserably. :) > : In case I haven't made it clear yet, I would really love to do away with > : the "gross hacks" that make 3. work, and postpone reading in the "real" > : entropy seeding till we get past 9. Up till we actually had offers of > : help today, IT WAS NOT POSSIBLE TO MOUNT -A RELIABLY BECAUSE /DEV/RANDOM > : WOULD BLOCK. > > Unless we were to modify /dev/random to not block until the first > write to it. We're all aware of this. Yes, there were a lot of proposals as to how to fix the chicken and egg problem, yet none of them manifested themselves. I went ahead with an idea that I knew worked as a band-aid solution while mark finished the real solution he is mostly ready to go with now. I simply failed to anticipate the enormous hue and cry over writing to the root partition. > : Hopefully that will be the last time I have to say it. Now, > : are you sure that ccdconfig, vinum, fsck, and mount* (other than nfs) > : will work with a "weak" amount of randomness? > > We've answered this. They need good random numbers, but not > cryptographically secure random numbers. As Mark mentioned, this question is going away because the device based entropy harvesting should have the thing in tip top shape by the time it needes to be called first in rc. > : Apparently it makes sense to Schneier. For the initial commit Mark just > : gave me something approximating the recommended values. I ran with the > : stuff for a couple days and never even noticed it. I did start to think > : however that the 8 seeds would probably really only be useful at boot > : time, so it might make more sense to run it every 3 minutes for an hour > : after boot, then every N minutes thereafter. However, I needed to do > : some research on our new(ish) ability to schedule cron jobs for @boot, > : or whatever the hell it is. > > Anything that runs once every three minutes is going to be strong > resisted. Lots of people aren't going to like it. Fair enough, that's why it's configurable. Obviously the defaults need to be reconsidered here. Personally I thought 3 minutes was within the bounds of reason, given that atrun goes off every 5 minutes by default. But I think it's fairly obvious by now that my definitions of "reasonable" differ from some of the very vocal critics. > In the mean time, I would like to say that I appreciate your efforts, > even if they aren't exactly what I'd do. Well thanks... and I feel a lot better now that I've gotten some sleep. :) Doug -- "The most difficult thing in the world is to know how to do a thing and to watch someone else do it wrong without comment." -- Theodore H. White Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message