Date: Mon, 17 Jul 2000 11:02:55 -0700
From: "Andrey A. Chernov"
To: Alexander Langer, markm@freebsd.org
Cc: Leif Neland, Steve O'Hara-Smith, current@FreeBSD.ORG
Subject: rc.shutdown hook is not a solution (was Re: randomdev entropy gathering is really weak)
Message-ID: <20000717110255.A33448@freebsd.org>
In-Reply-To: <20000717190250.A26970@cichlids.cichlids.com>

On Mon, Jul 17, 2000 at 07:02:50PM +0200, Alexander Langer wrote:
> Thus spake Leif Neland (leifn@neland.dk):
>
> > If you can't reach a NTP server, you are not connected to the internet. In
> > that case you don't need to worry so much about security...
>
> That is wrong :)
>

The reason is not security only, the reason is a buggy RNG. Imagine a
diskless, keyboard-less and mouse-less slide-show machine with no
rc.shutdown hooks, since it comes with power up and goes down with power
down. This machine will always start with the same picture because the RNG
does not have enough entropy.

In the worst case we should rely only on processor registers that are
always present, i.e. timers and so on. The rc.shutdown hook does not solve
the problem completely.

-- 
Andrey A. Chernov
http://ache.pp.ru/