From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 25 13:51:45 2009
Date: Fri, 25 Dec 2009 13:51:44 +0000 (GMT)
From: Robert Watson
To: RW
Cc: freebsd-hackers@freebsd.org, markm@FreeBSD.org
Subject: Re: yarrow random generator
In-Reply-To: <20091224231334.2e242371@gumby.homeunix.com>
References: <5a5b03660912240445x7df1498dt42e29d93105efebc@mail.gmail.com>
 <4B339F27.6020707@freebsd.org>
 <5a5b03660912240941r6b76a839u819a8a1408816386@mail.gmail.com>
 <20091224231334.2e242371@gumby.homeunix.com>
List-Id: Technical Discussions relating to FreeBSD

On Thu, 24 Dec 2009, RW wrote:

>>> And also according to Schneier it is a good idea to save state of the PRNG
>>> and restore it on boot to make it "more seeded".
>>
>> In the default configuration, we save some PRNG output every few minutes
>> (using cron) to a file in /var so that it can be re-injected into Yarrow on
>> the next boot (done by /etc/rc.d/random).
>
> It isn't handled very well though. The files saved by crontab under /var are
> loaded a bit late in the boot sequence - after encrypted swap.
>
> The main entropy file is loaded earlier, but immediately after ps -fauxww,
> sysctl -a, etc. are dumped into the device, saturating its 4K of buffer
> space.

I can't speak to the specific /dev/random design choices here, but I can say
that there is a more general issue with swap being required to get to the
point where you reliably have writable file system access. This is because
fsck can be quite memory-heavy, and so swap is started before fsck is
started. It could well be that the arrival of proper UFS journaling support
in the immediate future allows more aggressive reordering of the boot process
so that writable file systems can be assumed much earlier.

I'll point Mark Murray at this thread and see if we can get him to opine some
on the current design choices and any potential changes to address them.

I was interested by your observation that the boot-time dumping of bits into
/dev/random may overflow the buffering -- indeed, it looks like the
rate-controlling in effect for other entropy sources may not be appropriate
for /dev/random.

Robert N M Watson
Computer Laboratory
University of Cambridge
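The save-and-reinject scheme the thread discusses, as an added example that is not FreeBSD's /etc/rc.d/random, its cron job, or anything Mark Murray or Robert Watson wrote: a POSIX sh save/restore pair for a PRNG seed file. The seed is written mode 0600 via an atomic rename, the restore refuses a seed readable by group or other, and the restore feeds the device in bounded chunks rather than one large write, which is the failure RW describes when ps and sysctl output saturate a 4K device buffer. Device path, seed path, seed size and the 1024-byte default chunk are assumptions, passed as arguments so the functions can be exercised against ordinary files.

```shell
#!/bin/sh
# Added example, not FreeBSD's /etc/rc.d/random or its cron job: a minimal
# save/restore pair for a PRNG seed file. The restore side feeds the device in
# bounded chunks so that a small kernel input buffer (RW measures it at 4K on
# the Yarrow device under discussion) is never handed one oversized write.
# Device path, seed path, seed size and chunk size are assumptions and are
# passed as arguments so the functions can be exercised against plain files.

# save_seed <rng-device> <seed-file> <bytes>
# Copy <bytes> of generator output into <seed-file>. The file is created
# mode 0600 through a temporary name and renamed into place, so a crash
# mid-write cannot leave a truncated or world-readable seed behind.
save_seed() {
    dev=$1 file=$2 bytes=$3
    tmp="$file.tmp.$$"
    old_umask=$(umask)
    umask 077
    rc=0
    dd if="$dev" of="$tmp" bs=1 count="$bytes" 2>/dev/null || rc=1
    umask "$old_umask"
    [ "$rc" -eq 0 ] || { rm -f "$tmp"; return 1; }
    # A short read is an error: a partial seed must not pass as a full one.
    if [ "$(($(wc -c < "$tmp")))" -ne "$bytes" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$file"
}

# restore_seed <seed-file> <rng-device> <chunk-bytes>
# Refuse a seed that is a symlink or readable by group/other: anyone who can
# read the file can predict the reseed. Then write it in <chunk-bytes> pieces,
# one write(2) each, instead of one large write the device may not buffer.
# Prints the number of writes issued so the caller can log it.
restore_seed() {
    file=$1 dev=$2 chunk=$3
    [ ! -L "$file" ] && [ -f "$file" ] || return 1
    case $(ls -ld "$file" | cut -c1-10) in
        -???------) ;;                      # owner-only permission bits
        *) echo "restore_seed: $file is readable by group or other" >&2
           return 1 ;;
    esac
    size=$(($(wc -c < "$file")))
    [ "$size" -gt 0 ] || return 1
    blocks=$(( (size + chunk - 1) / chunk ))  # ceiling division
    i=0
    while [ "$i" -lt "$blocks" ]; do
        # bs=<chunk> count=1 skip=<i>: read block i, emit it as a single write.
        # Appending to the device path keeps the test usable on a plain file;
        # on a character device O_APPEND is simply ignored.
        dd if="$file" bs="$chunk" skip="$i" count=1 2>/dev/null >> "$dev" || return 1
        i=$((i + 1))
    done
    echo "$blocks"
}

# Command-line use (hypothetical tool name):
#   seedtool save <dev> <file> [bytes]      seedtool restore <file> <dev> [chunk]
case ${1:-} in
    save)    save_seed "$2" "$3" "${4:-4096}" ;;
    restore) restore_seed "$2" "$3" "${4:-1024}" ;;
esac
```

Two caveats a practitioner should keep in mind. First, what a write to the device means is platform-specific: on Linux, random(4) documents that writes are mixed into the pool without raising the entropy estimate (crediting needs the RNDADDENTROPY ioctl as root), so the same script feeds bytes but does not "count" them there. Second, the script does nothing about the ordering problem RW raises: a seed only helps if it is fed in before anything that needs unpredictable output, such as encrypted swap setup, reads from the device, and that is a question of where in the boot sequence the restore runs, not of how it writes.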