From owner-freebsd-current  Sun Jun 25  8:14: 1 2000
Delivered-To: freebsd-current@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3526A37B549; Sun, 25 Jun 2000 08:13:21 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
	by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id RAA17563;
	Sun, 25 Jun 2000 17:12:50 +0200 (SAST)
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200006251512.RAA17563@grimreaper.grondar.za>
To: "Jacques A . Vidrine" <n@nectar.com>
Cc: freebsd-current@freebsd.org, imp@freebsd.org
Subject: Re: HEADS UP! New (incomplete) /dev/random device! 
References: <20000625100334.C16657@bone.nectar.com> 
In-Reply-To: <20000625100334.C16657@bone.nectar.com> ; from "Jacques A . Vidrine" <n@nectar.com>  "Sun, 25 Jun 2000 10:03:34 EST."
Date: Sun, 25 Jun 2000 17:12:50 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I guess it follows that it is not a good idea to generate keys or
> certificates on -CURRENT for a while (until entropy comes back to town)?

Correct if they rely on /dev/random for entropy.

> I don't know which applications depend on /dev/random providing entropy
> and which gather their own.

Right.

> If so, I think this needs an UPDATING entry, particularly since the
> symptoms could outlive the cause.  i.e. something to the effect of
> ``Keys and certificates generated on -CURRENT on or after m/d/y should
> not be used'' and updated again when the entropy is again available.

Agreed.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message