From: Mark R V Murray
To: obrien@freebsd.org
Cc: Arthur Mesh, Scott Long, secteam@freebsd.org, freebsd-arch@freebsd.org
Subject: Re: random(4) plugin infrastructure for multiple RNG in a modular fashion
Date: Fri, 9 Aug 2013 08:29:10 +0100
Message-Id: <71489715-FB89-48CA-8DD6-88AEEA996EA9@grondar.org>
In-Reply-To: <20130808214033.GE95000@dragon.NUXI.org>
List-Id: Discussion related to FreeBSD architecture

On 8 Aug 2013, at 22:40, David O'Brien wrote:

> On Thu, Aug 08, 2013 at 10:22:42PM +0100, Mark R V Murray wrote:
>> Mechanism exists, but it's disabled. I'd like to re-enable it. Look for
>> "seeded = 1" in randomdev_soft.c, and see what that "seeded" variable
>> does.
>
> Hi Mark,
> I'm not sure what you're saying here. That we could block at boot for
> reason of the PRNG not being seeded if desired?

Correct!

> Or that we start seeded and thus never get unseeded?

That is what we currently do. We "fix" it by pumping junk into /dev/random
with initrandom, but this is racy and suboptimal.

M
--
Mark R V Murray