From owner-freebsd-current Fri Jul 21 13: 2:34 2000 Delivered-To: freebsd-current@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id C96F637BE38 for ; Fri, 21 Jul 2000 13:02:20 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id WAA01222; Fri, 21 Jul 2000 22:02:10 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200007212002.WAA01222@grimreaper.grondar.za> To: David Scheidt Cc: current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak References: In-Reply-To: ; from David Scheidt "Fri, 21 Jul 2000 14:47:46 EST." Date: Fri, 21 Jul 2000 22:02:10 +0200 From: Mark Murray Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > :Sure; we neet to be appropriately paranoid about that, but let's not > :get ridiculous. The seed file could certainly use some decent protection, > :but unfortunately, PC architectures don't come with SIMcards or the like. > : > > Is it possible to combine the state of the disk based seed with some other > source of real entropy? That would redudce the risk of having someone read > your disks while the system is shutdown. I'm working on haresting some more entropy; that should do what you want. (Things like disk activity, network stack, process tables and so on). If you are worried about someone reading the disk of a rebooting box, then you need to be worried about console access; if your attacker has console, you are screwed anyway. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message