Date: Mon, 03 Sep 2012 13:17:05 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Ian Lepore <freebsd@damnhippie.dyndns.org> Cc: Arthur Mesh <arthurmesh@gmail.com>, freebsd-security@freebsd.org, freebsd-rc@freebsd.org Subject: Re: svn commit: r239598 - head/etc/rc.d Message-ID: <50451041.9070302@FreeBSD.org> In-Reply-To: <1346638718.1140.573.camel@revolution.hippie.lan> References: <201208222337.q7MNbORo017642@svn.freebsd.org> <5043E449.8050005@FreeBSD.org> <1346638718.1140.573.camel@revolution.hippie.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/02/2012 19:18, Ian Lepore wrote:
> On Sun, 2012-09-02 at 15:57 -0700, Doug Barton wrote:
>> The attached patch simplifies the script quite a bit, and restores the
>> traditional order of running the "best effort" entropy first. I'm
>> interested in what others think about this. (Note, the patch is easier
>> to understand if you apply it and look at the resulting file.)
>
> I have a patchset somewhere that added the ability to supply an
> alternate command to generate "best effort" entropy. The reason is that
> the existing code on an embedded system with no realtime clock hardware
> generates a sequence that sometimes differs by two full bytes from one
> boot to the next. Often it's identical. Adding insult is the fact that
> the existing sequence takes about 4-5 seconds on that platform.
>
> There just isn't much entropy available there, but I came up with a
> command sequence that ran in about a second and generated more
> differences on each boot.
I'm interested in that patch.
> I'm still interested in the ability to override the default best effort
> generator with something else via entries in rc.conf; I'm not picky
> about the mechanism for doing so. If there's any interest, I'll try to
> find that old patch I had for it (which I never submitted for fear of
> starting a "that's not good enough entropy" flame war).
What would probably be useful is to determine what commands are "safe"
to run on both kinds of systems and always run those. Then give some
additional commands to run by default that can be overridden via an
rc.conf flag.
Doug
--
I am only one, but I am one. I cannot do everything, but I can do
something. And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50451041.9070302>