Date: Fri, 31 May 2013 13:02:43 +0100
From: RW
To: freebsd-hackers@freebsd.org
Subject: Re: seeding randomness in zee cloud
Message-ID: <20130531130243.18fb9a30@gumby.homeunix.com>
In-Reply-To: <0BF6FBDD-47E8-44F1-BA71-A355EDCDEDB6@webweaving.org>
List-Id: Technical Discussions relating to FreeBSD

On Fri, 31 May 2013 12:01:02 +0200
Dirk-Willem van Gulik wrote:

> Now we happen to have very easy access to blocks of 1024bits of
> randomness from a remote server in already nicely PKI signed packages
> (as it is needed later for something else).
>
> Is it safe to simply *add* those with:
>
> set -1
> # fetch randomness & check signature
> .. snipped...
>
> # Seed Software random generator
> #
> cat rnd > /dev/random

To be on the safe side you should sleep for about 0.5 seconds after this

>
> # Activate software random generator as an additional source
> sysctl kern.random.sys.harvest.swi=1

IIRC this doesn't do anything