From: Hal Murray
To: Mark Murray
cc: freebsd-hackers@freebsd.org, hmurray@megapathdsl.net
Subject: Re: arc4random initialization
In-Reply-To: Message from Mark Murray of "Mon, 07 Dec 2020 08:37:42 GMT."
Date: Mon, 07 Dec 2020 01:45:52 -0800
Message-Id: <20201207094552.74A3D40605C@ip-64-139-1-69.sjc.megapath.net>
List-Id: Technical Discussions relating to FreeBSD

markm@FreeBSD.org said:
> Once you've installed on some R/W medium and rebooted, the necessary entropy
> will have been stashed for you, and the first SSH keys will be generated
> properly.

If I do a fresh install, when does the host's SSH key get generated and where does the entropy for that step come from?

I assume lots of entropy is generated during the install. Does that get written to the new system's disk so it has some at first boot?

Does the on-disk entropy file get updated occasionally (as compared to only at shutdown) so it doesn't get reused if the system crashes? If so, how often is "occasionally"? Will that turn into a wear-out problem if running on a flash drive? (e.g. Raspberry Pi)

--
These are my opinions. I hate spam.