Date:      Mon, 28 Mar 2005 14:08:27 -0800
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Ed Maste <emaste@phaedrus.sandvine.ca>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Random source seeding and /etc/rc.d/sshd host key generation
Message-ID:  <20050328220827.GA26134@odin.ac.hmc.edu>
In-Reply-To: <20050328220022.GB17716@sandvine.com>
References:  <20050328220022.GB17716@sandvine.com>
On Mon, Mar 28, 2005 at 05:00:22PM -0500, Ed Maste wrote:
> In /etc/rc.d/sshd, user_reseed() does
> 
> seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
>     if [ "${seeded}" != "" ] ; then
>         warn "Setting entropy source to blocking mode."
>         echo "===================================================="
>         echo "Type a full screenful of random junk to unblock"
>         ...
> 
> I'm curious if checking the seeded sysctl against "" is intentional;
> it seems $seeded will always be non-null.  Since user_reseed only
> gets called if the host keys don't exist it probably won't be much
> of an issue in practice, but it seems random junk will be requested
> on the first boot even if the entropy source is already seeded.

I believe the goal of the script is to not trust the system entropy this
time (since it's almost certainly junk).  I think the check is just to
avoid this code if the sysctl doesn't exist.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
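
The decision the two messages above disagree about, as an added example that is not part of the thread and not the FreeBSD rc.d/sshd script itself. The `sysctl` call is replaced by a stub so the script runs on any system; `fake_sysctl`, `SYSCTL_OUTPUT` and the sample values "", "0" and "1" are constructed for the example, and the second function is a hypothetical alternative check, not a proposed change to the script. It assumes the FreeBSD convention that the sysctl reports 0 for not-yet-seeded and 1 for seeded.

```sh
#!/bin/sh
# Added example, not code from /etc/rc.d/sshd or from the thread.
# Models the user_reseed() test quoted above with the sysctl stubbed out.

# Stand-in for `sysctl -n kern.random.sys.seeded 2>/dev/null`.
# SYSCTL_OUTPUT is a constructed value for the example. An empty string
# simulates a kernel without the sysctl: the real command prints nothing
# and its error message is discarded by 2>/dev/null.
fake_sysctl() {
    printf '%s' "$SYSCTL_OUTPUT"
}

# The test exactly as written in the quoted script: the junk prompt runs
# whenever the sysctl printed anything at all, so "0" and "1" both trigger it
# and only a missing sysctl skips it. Exit status 0 means "would prompt".
would_prompt_as_written() {
    SYSCTL_OUTPUT=$1
    seeded=$(fake_sysctl)
    [ "${seeded}" != "" ]
}

# Hypothetical alternative (assumption: 0 means unseeded, 1 means seeded)
# that prompts only when the kernel reports it is not yet seeded. Note that
# a missing sysctl is then also skipped, which is the other reading of the
# original check. Exit status 0 means "would prompt".
would_prompt_if_unseeded() {
    SYSCTL_OUTPUT=$1
    seeded=$(fake_sysctl)
    [ "${seeded}" = "0" ]
}

# Human-readable comparison of both checks over the constructed inputs.
show_decision_table() {
    printf '%-16s %-12s %s\n' "sysctl output" "as written" "if unseeded"
    for value in "" "0" "1"; do
        if would_prompt_as_written "$value"; then a=prompt; else a=skip; fi
        if would_prompt_if_unseeded "$value"; then b=prompt; else b=skip; fi
        printf '%-16s %-12s %s\n' "\"$value\"" "$a" "$b"
    done
}

show_decision_table
```

Running the script prints the table for the three stand-in values; it shows that the check as quoted distinguishes only "sysctl present" from "sysctl absent", which matches Brooks' reading of its intent, while Ed's observation that the prompt appears even on an already seeded system corresponds to the "1" row.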