From owner-freebsd-hackers@FreeBSD.ORG  Thu Dec 24 23:13:52 2009
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 783281065696
	for <freebsd-hackers@freebsd.org>; Thu, 24 Dec 2009 23:13:52 +0000 (UTC)
	(envelope-from rwmaillists@googlemail.com)
Received: from mail-fx0-f227.google.com (mail-fx0-f227.google.com
	[209.85.220.227])
	by mx1.freebsd.org (Postfix) with ESMTP id 064AF8FC21
	for <freebsd-hackers@freebsd.org>; Thu, 24 Dec 2009 23:13:51 +0000 (UTC)
Received: by fxm27 with SMTP id 27so8605386fxm.3
	for <freebsd-hackers@freebsd.org>; Thu, 24 Dec 2009 15:13:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=gamma;
	h=domainkey-signature:received:received:date:from:to:subject
	:message-id:in-reply-to:references:x-mailer:mime-version
	:content-type:content-transfer-encoding;
	bh=KYArV1bgPnhkYy4uzcyEgAi6qtRbuLmWJCeeOO6WzA4=;
	b=NREnehTz/YksLs0EVbopfRWXhwBjEFIH7x5Y0xJgv5d5faSmos0ilNxIHb5Cc5Uzkz
	0UAGl/wo0fB3FgDtD0HrzEFNwo8ldOWlFGdp4SJL5D5aMIUmlfqBtgQOy2OxYJwrXDmd
	iuEEH9ehVmBhybpGUBy0//NA07ll7rFg5UdjQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma;
	h=date:from:to:subject:message-id:in-reply-to:references:x-mailer
	:mime-version:content-type:content-transfer-encoding;
	b=ddozus6ch/Irhuh/gHun2ErlapbN0olZDjTZLFeD0ffm/ayWFtH/RxAqfu6pd174Js
	r7T/LMrIElxab/95g1jn7kp3mVhBufsIGWPa+HOpkZaXv403Qgh0JRtUm9bXGgMTysGh
	ZXxo4ZERZoxg1Dj46I3Z3uhoLd8OfPoLN0ZaY=
Received: by 10.223.14.13 with SMTP id e13mr6148479faa.85.1261696430815;
	Thu, 24 Dec 2009 15:13:50 -0800 (PST)
Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk
	[87.81.140.128])
	by mx.google.com with ESMTPS id h2sm13214804fkh.2.2009.12.24.15.13.47
	(version=SSLv3 cipher=RC4-MD5); Thu, 24 Dec 2009 15:13:50 -0800 (PST)
Date: Thu, 24 Dec 2009 23:13:34 +0000
From: RW <rwmaillists@googlemail.com>
To: freebsd-hackers@freebsd.org
Message-ID: <20091224231334.2e242371@gumby.homeunix.com>
In-Reply-To: <alpine.BSF.2.00.0912241945490.73550@fledge.watson.org>
References: <5a5b03660912240445x7df1498dt42e29d93105efebc@mail.gmail.com>
	<oCmohG1K70vWpt/39IVPMdciTgk@DNdB9ElzNmEFYWRqT2UTVtuts+E>
	<4B339F27.6020707@freebsd.org>
	<5a5b03660912240941r6b76a839u819a8a1408816386@mail.gmail.com>
	<alpine.BSF.2.00.0912241945490.73550@fledge.watson.org>
X-Mailer: Claws Mail 3.7.3 (GTK+ 2.18.5; i386-portbld-freebsd8.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: yarrow random generator
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Dec 2009 23:13:52 -0000

On Thu, 24 Dec 2009 19:48:43 +0000 (GMT)
Robert Watson <rwatson@FreeBSD.org> wrote:

> On Thu, 24 Dec 2009, Paul Graphov wrote:
> 
> > And also according to Schneier it is a good idea to save state of
> > the PRNG and restore it on boot to make it "more seeded".
> 
> In the default configuration, we save some PRNG output every few
> minutes (using cron) to a file in /var so that it can be re-injected
> into Yarrow on the next boot (done by /etc/rc.d/random).

It isn't handled very well though. The files saved by crontab
under /var are loaded a bit late in the boot sequence - after encrypted swap.

The main entropy file is loaded earlier, but immediatly after 
ps -fauxww, sysctl -a, etc are dumped into the device, saturating its 4K
of buffer space.