Date: Fri, 21 Jul 2000 22:02:10 +0200 From: Mark Murray <mark@grondar.za> To: David Scheidt <dscheidt@enteract.com> Cc: current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <200007212002.WAA01222@grimreaper.grondar.za> In-Reply-To: <Pine.NEB.3.96.1000721144509.32521A-100000@shell-1.enteract.com> ; from David Scheidt <dscheidt@enteract.com> "Fri, 21 Jul 2000 14:47:46 EST." References: <Pine.NEB.3.96.1000721144509.32521A-100000@shell-1.enteract.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> :Sure; we neet to be appropriately paranoid about that, but let's not > :get ridiculous. The seed file could certainly use some decent protection, > :but unfortunately, PC architectures don't come with SIMcards or the like. > : > > Is it possible to combine the state of the disk based seed with some other > source of real entropy? That would redudce the risk of having someone read > your disks while the system is shutdown. I'm working on haresting some more entropy; that should do what you want. (Things like disk activity, network stack, process tables and so on). If you are worried about someone reading the disk of a rebooting box, then you need to be worried about console access; if your attacker has console, you are screwed anyway. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007212002.WAA01222>