From owner-freebsd-current  Mon Jul 17 16:27:59 2000
Delivered-To: freebsd-current@freebsd.org
Received: from infidel.boolean.net (router.boolean.net [198.144.206.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id A831937B764; Mon, 17 Jul 2000 16:27:50 -0700 (PDT)
	(envelope-from Kurt@OpenLDAP.org)
Received: from gypsy.OpenLDAP.org (gypsy.boolean.net [198.144.202.243])
	by infidel.boolean.net (8.9.3/8.9.3) with ESMTP id XAA28570;
	Mon, 17 Jul 2000 23:27:18 GMT
	(envelope-from Kurt@OpenLDAP.org)
Message-Id: <4.3.2.7.0.20000717161342.00b0c780@infidel.boolean.net>
X-Sender: guru@infidel.boolean.net
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Mon, 17 Jul 2000 16:27:17 -0700
To: Sheldon Hearn <sheldonh@uunet.co.za>
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: randomdev entropy gathering is really weak 
Cc: Mark Murray <mark@grondar.za>,
	Maxim Sobolev <sobomax@FreeBSD.ORG>, current@FreeBSD.ORG
In-Reply-To: <27901.963864847@axl.ops.uunet.co.za>
References: <Your message of "Mon, 17 Jul 2000 19:33:40 +0200." <200007171733.TAA00681@grimreaper.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Note that there should be no need to cron the job.  You
only need to save one set of bits to be used as a seed
for the next startup.  And one set of bits SHOULD be
as good as any other.

I suggest you (at boot time):
1:      open seed file for read
        unlink seed file
        use seed file + available entropy to seed algorithm
        close the seed file

2:      open for seed file for write
        write X bytes for next time
        close file

Note that even if you do cron step 2, I recommend highly you
mix in whatever entropy you can gather at boot time into
the initial seeding.  This will ensure any reuse of the
seed file (such as if you crash between steps 1 and 2) will
result in different bit sequences.

Regards, Kurt


At 10:14 PM 7/17/00 +0200, Sheldon Hearn wrote:


>On Mon, 17 Jul 2000 19:33:40 +0200, Mark Murray wrote:
>
>> That is an idea I can use! :-)
>
>See the recently fixed and documented crontab(5) @reboot, in fact. :-)
>
>Ciao,
>Sheldon.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-current" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message