Date:      Thu, 27 Mar 1997 21:41:38 +0200
From:      Mark Murray <mark@grondar.za>
To:        Андрей Чернов <ache@nagual.ru>
Cc:        Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>, markm@freebsd.org, security@freebsd.org
Subject:   Re: ATTENTION: Initial state of random pool 
Message-ID:  <199703271941.VAA07001@grackle.grondar.za>

Андрей Чернов wrote:
> Joerg's recent report about fortune's behaviour makes me think about the
> initial state of /dev/random, i.e. what happens when rndcontrol is not called
> at all and no keys are pressed (or the same key sequence, because it
> relies on scancode)? I fear that the pool state is very predictable in this
> case. If I am right, we need to do something to have true random in the
> pool even without the rndcontrol tool (it is called even after daemons
> have started, so daemons can't use its advantages in any case!). I.e. add some
> timer randomness at the kernel boot state
> and allow an rndcontrol-style IRQ set in the kernel configure file.
> I see blkdev randomness commented out in the code, maybe we can
> re-activate it?

I am very keen to vastly improve /dev/random.

I have lots of ideas, but my time supply and clue supply are not so good.

At the moment, the pool of randomness is stirred far too often by MD5. I
have some more recent code by Ted Ts'o which uses SHA, and is improved in
other ways.

I want to make a buffer (of structures (or whatever)) into which bits of
"harvested" entropy get thrown. Only when this entropy is required, will
the "stir" happen. I also want to include bits from the namei cache, and
from the network interfaces. I am dead-scared that I will slow down the
system, so I need to provide a "turn this feature off" knob for the speed
freaks.

> If my fears are true, we need to fix it ASAP.

Right now, I believe that the hard-earned randomness may be being used for
trivial jobs. I do believe, though, that much more entropy can be provided.

M
--
Mark Murray                PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn.                        BC 06 EA 0E 7A F2 CE CE
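
The following is an added illustration, not code from this message, from Ted Ts'o, or from FreeBSD: a toy Python model of the "harvest into a buffer, stir only when entropy is required" idea described above. SHA-256 stands in for the SHA-based stir, and the class, its method names, and the sample events are all constructed for the example; it also shows the quoted concern, since two pools that harvested nothing return identical output.

```python
import hashlib
import struct
from collections import deque


class HarvestPool:
    """Toy model: cheap harvest into a ring buffer, hash-based stir only on read."""

    def __init__(self, queue_len=64, enabled=True):
        self.pool = bytes(32)                 # all-zero state at "boot" (constructed)
        self.queue = deque(maxlen=queue_len)  # oldest events are dropped when full
        self.enabled = enabled                # the "turn this feature off" knob
        self.stirs = 0                        # how many times the stir hash ran
        self.reads = 0                        # output block counter

    def harvest(self, source, timestamp, data):
        """Producer side (interrupt path): record the event, no hashing here."""
        if self.enabled:
            self.queue.append(struct.pack(">BQ", source, timestamp) + data)

    def _stir(self):
        """Fold every queued event into the pool in one pass."""
        h = hashlib.sha256(self.pool)
        while self.queue:
            event = self.queue.popleft()
            h.update(struct.pack(">H", len(event)) + event)  # length-prefixed
        self.pool = h.digest()
        self.stirs += 1

    def read(self, nbytes):
        """Consumer side: stir only if events are waiting, then derive output."""
        if self.queue:
            self._stir()
        out = b""
        while len(out) < nbytes:
            self.reads += 1
            out += hashlib.sha256(self.pool + struct.pack(">Q", self.reads)).digest()
        return out[:nbytes]


def demo():
    # Two freshly booted pools with nothing harvested: output is identical.
    same_at_boot = HarvestPool().read(16) == HarvestPool().read(16)
    warm = HarvestPool()
    for t in (1001, 1007, 1042):              # constructed event timestamps
        warm.harvest(source=1, timestamp=t, data=b"\x1c")
    differs = warm.read(16) != HarvestPool().read(16)
    return same_at_boot, differs, warm.stirs  # three harvests, one stir
```
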