From owner-freebsd-current Mon Jul 17 18:44:17 2000
Message-ID: <3973B66C.D6BD5BFD@vangelderen.org>
Date: Mon, 17 Jul 2000 21:44:12 -0400
From: "Jeroen C. van Gelderen"
To: Poul-Henning Kamp
Cc: Alexander Langer, "Louis A. Mamakos", Mark Murray, "Andrey A. Chernov", current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
References: <2613.963842256@critter.freebsd.dk>

Poul-Henning Kamp wrote:
>
> In message <20000717154549.A18676@cichlids.cichlids.com>, Alexander Langer writes:
> >Thus spake Poul-Henning Kamp (phk@critter.freebsd.dk):
> >
> >> I have thought about adding an entropy server to my array of weird
> >> servers in my lab. Something like a Geiger counter and a smoke detector
> >> could do wonders.
> >
> >HA! Cool!
> >
> >Do that please!
> >
> >I mean, seriously.
> >And an option to sysinstall, where you can enable this as you can with
> >ntpdate :)
>
> DuH!
>
> NTP is the perfect way to gather entropy at bootup!
>
> Predicting the clock's offset from reality and the two way path to
> the server of choice is impossible, plus if people enable authentication
> later on the packets will be chock full of high-quality entropy.

Please quantify 'impossible'.

> We need an enterprising soul to add an option (default on) to
> ntpdate to write the received packets in toto to /dev/random
> if it exists.

I think we first need to figure out the security implications.

Cheers,
Jeroen
--
Jeroen C. van Gelderen
jeroen@vangelderen.org