Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Apr 2004 19:05:06 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        freebsd-current@freebsd.org
Subject:   Re: dev/random
Message-ID:  <20040414090506.GA25565@server.vk2pj.dyndns.org>
In-Reply-To: <20040413232816.GB25818@Odin.AC.HMC.Edu>
References:  <200404131550.i3DFocIn099231@grimreaper.grondar.org> <428207C0-8D7B-11D8-B697-003065ABFD92@mac.com> <20040413191058.GF20550@Odin.AC.HMC.Edu> <D30E2B24-8D8D-11D8-B697-003065ABFD92@mac.com> <20040413232816.GB25818@Odin.AC.HMC.Edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Apr 13, 2004 at 04:28:16PM -0700, Brooks Davis wrote:
>To be clear, the problem is not that you can't open /dev/random for
>read, it's that read() blocks until sufficent entropy arrives.  It's
>worth noting that the quality of entropy needed in initdiskless is
>pretty minimal.  rand() would actually be fine here other then the fact
>that use of rand should not be encouraged.

If you don't need a great deal of entropy, you might be able to get
away with stirring in the time of day, CPU cycle counter[1], and maybe
time a couple of arbitrary disk seeks.  If you had a _really_ cheap
stirring function, maybe stir in all of KVM (this should vary slightly
from boot to boot).  This should be enough entropy to get to the
point where you can start loading or acquiring reasonable entropy.

I recall being bitten on several occasions when I was trying to use
ed(1) in single user mode and having ed decide there wasn't enough
entropy to create its temporary file.

Of course, the default behaviour of automatically building ssh host
keys as part of the boot sequence (when there's virtually no entropy
available) is probably undesirable.

[1] Maybe a couple of times at arbitrary points during the boot
    sequence - it's fairly cheap and probe/attach code is somewhat
    non-deterministic compared to the CPU clock.

Peter



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040414090506.GA25565>