Date: Tue, 15 May 2018 15:54:44 +0100
From: RW
To: freebsd-security@freebsd.org
Subject: Re: Querying entropy state
Message-ID: <20180515155444.0bb41e5f@gumby.homeunix.com>
In-Reply-To: <130fc299-7d4e-e3fe-7ba8-d4d3a677591f@FreeBSD.org>

On Tue, 15 May 2018 12:17:28 +0100
Chris Rees wrote:

> Hello all,
>
> Since the new random device has been put in, sysutils/monitorix no
> longer has a sysctl to poll to view the current state of entropy
> (i.e. kern.random.sys.seeded).
>
> I have come to the understanding that it is no longer necessary or
> relevant information with the new driver, and entropy is always at an
> acceptable state; the author has suggested disabling this test on
> FreeBSD.
>
> Am I correct that there is no point in checking for entropy any more,
> and the entropy is unmeasurable?

It hasn't been for many years. kern.random.sys.seeded was set when
yarrow first seeded itself after a boot. As long as there's an entropy
file this happened very early, and ordinary computers would
spontaneously seed well before that. The sysctl was only relevant in
some special cases like certain embedded devices.