Date: Thu, 13 Sep 2012 20:51:15 +0100 From: Mark Murray <markm@FreeBSD.org> To: obrien@freebsd.org Cc: Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, Doug Barton <dougb@FreeBSD.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, Xin Li <delphij@delphij.net> Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <E1TCFRT-000Ise-E8@groundzero.grondar.org> In-Reply-To: <20120913191936.GA36319@dragon.NUXI.org> References: <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <20120911064636.GB72584@dragon.NUXI.org> <504EE446.6060500@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <20120912104547.1d0061c1@gumby.homeunix.com> <E1TCEeB-000InE-N6@groundzero.grondar.org> <20120913191936.GA36319@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
David O'Brien writes: > On Thu, Sep 13, 2012 at 08:00:19PM +0100, Mark Murray wrote: > > I'm in favour of doing something > > to "dribble" the startup suff in, while limiting its length to (say) > > 1-2 K. Compressing the gathered stuff is a good idea, and inserting > > that *first* with a delay following would be ideal; 1 second would be > > sufficient, 2 safer if the machine very busy. After that "chunking" the > > cached stuff and easing it in slowly would be a Good Thing(tm). > > Mark, > Can you add more about your reasoning why the low-grade entropy should be > input before the high-quality cached entropy? Sure! I'm presuming that there is sufficient delay after the initial low-grade stuff (compressed, so dense) for it _all_ to be used. This means that at least the first bits of whatever follows also gets used properly. The low-grade stuff is the "best bet" for creating some form of difference between 2 otherwise identical machines, albeit small. This shortish delay also gives the TSC register a bit more time to provide further uncertainty for the later entropy reinsertion/harvesting. The high-grade then does the heavy-lifing, presuming that it exists, which after a dodgy start-up/restart, may not be the case. However, even a small piece of /dev/zero will give SOME entropy due to TSC uncertainty here, so further gathering has a better head start. (There is further help for the super-paranoid; resetting the "seeded" bit (sysctl) will cause /dev/random reads to block until the next reseed. This may be (ab)used to really keep the device safe by repeated clearing followed by writes of cached entropy.) M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1TCFRT-000Ise-E8>