From owner-freebsd-current Sun Jul 16 13:21: 1 2000 Delivered-To: freebsd-current@freebsd.org Received: from mass.osd.bsdi.com (adsl-63-202-177-51.dsl.snfc21.pacbell.net [63.202.177.51]) by hub.freebsd.org (Postfix) with ESMTP id 47F1937B681; Sun, 16 Jul 2000 13:20:56 -0700 (PDT) (envelope-from msmith@mass.osd.bsdi.com) Received: from mass.osd.bsdi.com (localhost [127.0.0.1]) by mass.osd.bsdi.com (8.9.3/8.9.3) with ESMTP id NAA03949; Sun, 16 Jul 2000 13:29:50 -0700 (PDT) (envelope-from msmith@mass.osd.bsdi.com) Message-Id: <200007162029.NAA03949@mass.osd.bsdi.com> X-Mailer: exmh version 2.1.1 10/15/1999 To: "Andrey A. Chernov" Cc: markm@freebsd.org, current@freebsd.org Subject: Re: randomdev entropy gathering is really weak In-reply-to: Your message of "Sun, 16 Jul 2000 10:59:45 PDT." <20000716105943.A60072@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 16 Jul 2000 13:29:50 -0700 From: Mike Smith Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I found that I always got the same fortune quote after reboot, over and over > again. It means that /dev/random produce exact the same values after reboot. > It means that machine timer or keyboard not used for enthropy gathering. > Using keyboard alone not helps for automatic tasks because it can be even not > present, so machine timer must be used at least after reboot stage i.e. in > randomdev init procedure. Otherwise first random values are very predictable > and subject for attack. The problem is that the randomdev stuff should be a delete option, ie. it should be built as part of the kernel unless EXPLICITLY excluded, not the wrong way around as it is at the moment. -- ... every activity meets with opposition, everyone who acts has his rivals and unfortunately opponents also. But not because people want to be opponents, rather because the tasks and relationships force people to take different points of view. [Dr. Fritz Todt] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message