From owner-freebsd-arch Wed Jan 10 2:21:38 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2D90937B401; Wed, 10 Jan 2001 02:21:17 -0800 (PST)
Received: from grondar.za (root@gratis.grondar.za [196.7.18.133])
	by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f0AAKsI03830;
	Wed, 10 Jan 2001 12:20:57 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <200101101020.f0AAKsI03830@gratis.grondar.za>
To: Dag-Erling Smorgrav
Cc: Dan Moschuk , arch@FreeBSD.ORG, markm@FreeBSD.ORG
Subject: Re: Keeping an /entropy file
References:
In-Reply-To: ; from Dag-Erling Smorgrav "10 Jan 2001 11:10:39 +0100."
Date: Wed, 10 Jan 2001 12:21:26 +0200
From: Mark Murray
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Dan Moschuk writes:
> > Without too big of a bikeshed, what does everyone think of either
> > adding a system crontab or modifying the random device itself to generate
> > /entropy at a specified interval?
>
> Doesn't that consume a largish amount of entropy? If so, I don't think
> it's a very good idea.

It's mandated by the Yarrow algorithm, and it ensures a safe startup.

Yarrow is resistant to entropy starvation, so the concept of "emptying
the pool" is far less important than the ability to recover encryption
keys of the ciphers used.

M
--
Mark Murray
Warning: this .sig is umop ap!sdn
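
The two operations this thread discusses, saving /entropy at an interval and using it for a safe startup, sketched as an added example; it is not part of the original message and is not FreeBSD's own script. The function names, the `RANDOM_DEV`/`RESEED_DEV`/`SEED_BYTES` variables, the 4096-byte size, and the choice to rewrite the seed immediately after loading it are assumptions of this example.

```shell
#!/bin/sh
# Added example: seed-file save and reload. All names below are assumptions.
SEED_FILE="${SEED_FILE:-/entropy}"        # file named in the thread's subject
RANDOM_DEV="${RANDOM_DEV:-/dev/random}"   # device the seed is read from
RESEED_DEV="${RESEED_DEV:-/dev/random}"   # device the old seed is written to
SEED_BYTES="${SEED_BYTES:-4096}"          # assumed seed size

# save_seed: write SEED_BYTES of generator output to SEED_FILE.
# Runs in a subshell so the restrictive umask does not leak to the caller.
save_seed() (
    umask 077                              # seed must not be world-readable
    tmp="${SEED_FILE}.tmp.$$"
    head -c "$SEED_BYTES" "$RANDOM_DEV" > "$tmp" || { rm -f "$tmp"; exit 1; }
    # Reject a short read rather than install a weak seed.
    [ $(wc -c < "$tmp") -eq "$SEED_BYTES" ] || { rm -f "$tmp"; exit 1; }
    mv -f "$tmp" "$SEED_FILE"              # atomic replace on the same filesystem
)

# load_seed: feed the saved seed to the generator at startup, then replace it.
load_seed() {
    # Only accept a non-empty regular file that is not a symlink.
    [ -f "$SEED_FILE" ] && [ ! -L "$SEED_FILE" ] && [ -s "$SEED_FILE" ] || return 1
    cat "$SEED_FILE" > "$RESEED_DEV" || return 1
    # Overwrite the used seed at once, so a crash before the next scheduled
    # save cannot make the next boot start from the same saved state.
    save_seed
}

# Usage: "script save" from cron at an interval, "script load" once at boot.
case "${1:-}" in
    save) save_seed ;;
    load) load_seed ;;
esac
```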