Date: Thu, 20 Sep 2012 11:32:53 +0100 From: Jonathan Anderson <jonathan@FreeBSD.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-security@FreeBSD.org, RW <rwmaillists@googlemail.com>, Mariusz Gromada <mariusz.gromada@gmail.com> Subject: Re: Collecting entropy from device_attach() times. Message-ID: <269BF2927F4A4BB5B0F4A4155F2294A6@FreeBSD.org> In-Reply-To: <20120920102104.GA1397@garage.freebsd.pl> References: <20120918211422.GA1400@garage.freebsd.pl> <A8FD98DD94774D00B4E5F78D3174C1B4@gmail.com> <20120919192923.GA1416@garage.freebsd.pl> <20120919205331.GE1416@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday, 20 September 2012 at 11:21, Pawel Jakub Dawidek wrote: > It would be ideal if we could provide properly seeded PRNG even for > single-user mode, so eliminating initrandom altogether is also an > option Amen to that. :) As I believe theraven@ pointed out a couple of days ago: it is very silly indeed that we are taking data generated by the kernel (process table) based on presumed-pseudorandom inputs, passing it to userspace, turning it into text (via ps), hashing that text and then passing it *back* to the kernel in order to stir into the entropy pool that we could instead just build from actually-fairly-random information like device_attach() times. Jon -- Jonathan Anderson jonathan@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?269BF2927F4A4BB5B0F4A4155F2294A6>