Date: Fri, 13 Jul 2018 07:51:44 -0600
From: Ian Lepore <ian@freebsd.org>
To: cem@freebsd.org, Dirk-Willem van Gulik <dirkx@webweaving.org>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: Limits to seeding /dev/random | random(4)
Message-ID: <1531489904.66719.43.camel@freebsd.org>
In-Reply-To: <CAG6CVpW=gXK-a7RAmDm=xBb3WP=bK3sLxOTBm3r0Y=ES4KzWPg@mail.gmail.com>
References: <3A988D26-7B08-4301-8176-B0ED8A559420@webweaving.org>
 <1531317515.66719.20.camel@freebsd.org>
 <20180712165751.1e5b8e24@gumby.homeunix.com>
 <7C42CD28-078F-4AF6-90F2-5E951F8386D5@webweaving.org>
 <CAG6CVpX1DnB7KDigG=wMPROM6vvdw0LB005u6d3c29Dbp7NhTw@mail.gmail.com>
 <55685C1F-4711-40C7-8EB4-2930BF8C9884@webweaving.org>
 <CAG6CVpW=gXK-a7RAmDm=xBb3WP=bK3sLxOTBm3r0Y=ES4KzWPg@mail.gmail.com>

On Thu, 2018-07-12 at 11:40 -0700, Conrad Meyer wrote:
> Identical results are very troubling.  Maybe your readonly filesystems
> contain a static "entropy" file that is being fed in every boot (with
> identical contents)?  If so, you definitely want to remove that during
> image generation.  That, in tandem with few other sources of entropy,
> could explain identical results.

I have been reporting for years that certain kinds of embedded systems
lead to zero entropy available at boot, including the fact that the
kernel's attempts to harvest entropy from things such as device attach
timings and so forth are, in some situations, completely ineffective
and yield numbers that are identical from one boot to the next.  I even
posted logs of it happening years ago.

Still, people just find the whole idea of this sort of reproducibility
so gut-level counter-intuitive that they dismiss and deny it.  It
happens.  Embedded systems are a different world, and if entropy is
important, sometimes we have to go out of our way to provide some.

-- Ian
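
The quoted suggestion to remove a static "entropy" file during image generation can be enforced as a build-time check. This is an added example, not part of the original message and not FreeBSD's own code; the function names are hypothetical, and the seed locations are assumed to be the FreeBSD rc.conf defaults (/entropy, /boot/entropy, /var/db/entropy).

```shell
#!/bin/sh
# Added example: fail an image build if the staged root filesystem
# carries an entropy seed that every device would replay at boot.
# Assumption: seed paths are the FreeBSD rc.conf defaults
# (entropy_file, entropy_boot_file, entropy_dir); adjust if overridden.

# list_baked_seeds ROOT: print each non-empty seed file under ROOT.
list_baked_seeds() {
    root=$1
    for f in "$root/entropy" "$root/boot/entropy"; do
        # Empty placeholder files carry no seed material, so skip them.
        if [ -f "$f" ] && [ -s "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    if [ -d "$root/var/db/entropy" ]; then
        # Saved-entropy rotation files written by a previously booted system.
        find "$root/var/db/entropy" -type f -size +0 -print
    fi
    return 0
}

# check_image ROOT: return 0 if no seed is baked in, 1 otherwise.
check_image() {
    found=$(list_baked_seeds "$1")
    if [ -n "$found" ]; then
        printf 'static entropy seed baked into image:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh check_seed.sh /path/to/staged/root
if [ "$#" -gt 0 ]; then
    check_image "$1" || exit 1
fi
```

A clean result only shows that no seed is replayed from the image; it does not provide any entropy, which still has to come from a per-device source.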