Date: Mon, 7 Dec 2020 03:12:35 -0800 From: Dave Hayes <dave@jetcafe.org> To: Mark Murray <markm@FreeBSD.org> Cc: freebsd-hackers@freebsd.org Subject: Re: arc4random initialization Message-ID: <20201207031235.11ec2570@bigus.dream-tech.com> In-Reply-To: <EB47F35A-EAD8-4B97-B676-FD8C5AD57398@FreeBSD.org> References: <20201206153625.13e349a8@bigus.dream-tech.com> <EB47F35A-EAD8-4B97-B676-FD8C5AD57398@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 7 Dec 2020 08:37:42 +0000 Mark Murray <markm@FreeBSD.org> wrote: > > On 6 Dec 2020, at 23:36, Dave Hayes <dave@jetcafe.org> wrote: > > > > So security-wise, just how bad is it to be improperly seeded? If I cannot > > get a valid entropy stash at boot time, can I delay the need for it until I > > can get a writable filesystem up and running? > This means that the random(4) device and relevant infrastructure like > arc4random starts up in an insecure state and is not to be trusted for e.g. > generating SSH keys. > > After you have used the machine for a while (exactly how long "depends"), > it will reseed itself and become secure. Thank you for this response. Is there any indication as to when it has safely reseeded? Is one able to force a reseed by any mechanism? -- Dave Hayes - Consultant - LA CA, USA - dave@dream-tech.com >>>> *The opinions expressed above are entirely my own* <<<< Sunshine proves it's own existence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201207031235.11ec2570>