From owner-freebsd-current Thu Jan 11 5:26:51 2001
Delivered-To: freebsd-current@freebsd.org
Received: from dt051n37.san.rr.com (dt051n37.san.rr.com [204.210.32.55])
    by hub.freebsd.org (Postfix) with ESMTP id D4E2C37B400
    for ; Thu, 11 Jan 2001 05:26:32 -0800 (PST)
Received: from FreeBSD.org (Studded@master [10.0.0.2])
    by dt051n37.san.rr.com (8.9.3/8.9.3) with ESMTP id FAA03477
    for ; Thu, 11 Jan 2001 05:26:32 -0800 (PST)
    (envelope-from DougB@FreeBSD.org)
Message-ID: <3A5DB488.7A74332@FreeBSD.org>
Date: Thu, 11 Jan 2001 05:26:32 -0800
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-current@FreeBSD.org
Subject: Head's up: Yarrow-style periodic entropy saving
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

For the sake of those who don't follow commit messages (shame on you!), here's your fair warning regarding this change. This is the promised update that periodically (every 3 minutes by default) saves 2k of randomness to a set of rotating files stored by default in /.entropy. That location was chosen so that it could be loaded as early as possible in the boot process. As mentioned in the commit message, Mark suggested the defaults for size, period, and number of files based on the requirements of the Yarrow algorithm.

System load for this should be negligible. All the parameters are tunable if load becomes a problem. I chose the operator user as the custodian of the entropy files since that both isolates them from unprivileged users to a certain extent, and minimizes the possibility of damage caused by file based exploits that could be caused if the files were owned by root. This is bike shed material.

For now my opinion is that the best option is to leave the single file written out at shutdown intact.
First, I'd rather make one change at a time. Second, having both systems in place gives users with special needs (like diskless boots) more options in terms of saving entropy. I've no objection to ripping this out down the road if circumstances warrant.

Enjoy,

Doug

-------- Original Message --------
Subject: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh
Date: Thu, 11 Jan 2001 05:01:20 -0800 (PST)
From: Doug Barton
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org

dougb       2001/01/11 05:01:20 PST

  Modified files:
    etc                  crontab rc
    etc/defaults         rc.conf
    etc/mtree            BSD.root.dist
    libexec              Makefile
  Added files:
    libexec/save-entropy Makefile save-entropy.sh
  Log:
  Add a system to save entropy from /dev/random periodically so that it can be used to reseed at boot time. This will greatly increase the chances that there will be sufficient entropy available at boot time to prevent long delays.

  For /etc/rc, remove the vmstat and iostat runs from the attempt to provide some cheesy randomness if the files fail, since those programs are dynamically linked, and ldd seems to want some randomness to do its magic.

  Guidance and parameters for this project were provided by Mark Murray, based on the requirements of the Yarrow algorithm. Some helpful suggestions for implementation (including the tip about iostat and vmstat) were provided by Sheldon Hearn. All blame for problems or mistakes is mine of course.

  Revision  Changes    Path
  1.28      +4 -1      src/etc/crontab
  1.247     +27 -11    src/etc/rc
  1.84      +4 -1      src/etc/defaults/rc.conf
  1.48      +5 -1      src/etc/mtree/BSD.root.dist
  1.44      +2 -1      src/libexec/Makefile

http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/crontab.diff?&r1=1.27&r2=1.28&f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.diff?&r1=1.246&r2=1.247&f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/defaults/rc.conf.diff?&r1=1.83&r2=1.84&f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/mtree/BSD.root.dist.diff?&r1=1.47&r2=1.48&f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/libexec/Makefile.diff?&r1=1.43&r2=1.44&f=h
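
A sketch of the rotation scheme the message describes (a fixed-size read from the random device, kept in a small set of rotating files that only their owner can read), added here as an example and not the committed save-entropy.sh. The function name `save_entropy`, the `saved-entropy.N` file naming and the default file count are assumptions; the message states only the 2k size, the 3-minute period, /.entropy and the operator owner.

```shell
#!/bin/sh
# Added example: rotating entropy snapshots. Function name, file naming
# and the default count are assumptions, not taken from save-entropy.sh.
# Intended to be run from cron as the unprivileged account that owns DIR
# (the message uses operator), not as root.

# save_entropy DIR [SOURCE] [BYTES] [COUNT]; SOURCE must be an absolute path
save_entropy() {
    dir=$1
    src=${2:-/dev/random}
    bytes=${3:-2048}     # "2k of randomness" per the message
    count=${4:-8}        # constructed value; the message gives no number

    # Refuse a missing or symlinked directory so a planted link cannot
    # redirect the writes somewhere else.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1

    (
        umask 077        # snapshots readable by the owning account only
        cd "$dir" || exit 1

        # Take the new snapshot first; if the read fails or comes up
        # short, the existing files are left untouched.
        tmp=saved-entropy.new
        rm -f "$tmp"
        dd if="$src" of="$tmp" bs="$bytes" count=1 2>/dev/null || exit 1
        [ "$(wc -c < "$tmp")" -eq "$bytes" ] || { rm -f "$tmp"; exit 1; }

        # Rotate: N-1 -> N, ..., 1 -> 2, overwriting the oldest.
        n=$count
        while [ "$n" -gt 1 ]; do
            prev=$((n - 1))
            [ -f "saved-entropy.$prev" ] && mv -f "saved-entropy.$prev" "saved-entropy.$n"
            n=$prev
        done
        mv -f "$tmp" saved-entropy.1
    )
}
```

At boot, a consumer would feed each saved file back into the random device before anything needs randomness, which is why the message places the directory on the root filesystem.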