Date: Fri, 31 Oct 2014 14:04:57 -0700
From: Garrett Cooper <yaneurabeya@gmail.com>
To: Mark Murray <markm@FreeBSD.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r273872 - in head: etc/defaults etc/rc.d libexec/save-entropy share/examples/kld/random_adaptor sys/conf sys/dev/glxsb sys/dev/random sys/kern sys/modules sys/modules/padlock_rng sys/mo...
Message-ID: <9D38CD22-6BFC-4D55-8E8F-622EC2997723@gmail.com>
In-Reply-To: <201410302121.s9ULLsEw055630@svn.freebsd.org>
References: <201410302121.s9ULLsEw055630@svn.freebsd.org>

On Oct 30, 2014, at 14:21, Mark Murray <markm@FreeBSD.org> wrote:

> Author: markm
> Date: Thu Oct 30 21:21:53 2014
> New Revision: 273872
> URL: https://svnweb.freebsd.org/changeset/base/273872
>
> Log:
>   This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.
>
>   This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware source any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.
>
>   The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.
>
>   The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors, now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.
>
>   Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.
>
>   My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.
>
>   My Nomex pants are on. Let the feedback commence!
>
>   Reviewed by: trasz,des(partial),imp(partial?),rwatson(partial?)
>   Approved by: so(des)

Hi Mark,

Could you please add an UPDATING entry for this? Some users (like me) who do make installworld from old kernels are experiencing issues (some dealing with filesystem corruption). Please see this thread on -current@ for more details: https://lists.freebsd.org/pipermail/freebsd-current/2014-October/053039.html

This also should have had “Relnotes: yes” in the commit message because this deserves to be put in the release notes for 11.0.

Thanks!