Date: Mon, 7 Dec 2020 22:31:22 -0800 From: Dave Hayes <dave@jetcafe.org> To: freebsd-hackers@freebsd.org Cc: cem@freebsd.org Subject: Re: arc4random initialization Message-ID: <20201207223122.28c188f5@bigus.dream-tech.com> In-Reply-To: <CAG6CVpVUPzaGK-CdqdvGEmytmkAH%2BQTrX0BRho-HPUts60HZpQ@mail.gmail.com> References: <20201206153625.13e349a8@bigus.dream-tech.com> <EB47F35A-EAD8-4B97-B676-FD8C5AD57398@FreeBSD.org> <CAG6CVpVUPzaGK-CdqdvGEmytmkAH%2BQTrX0BRho-HPUts60HZpQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 7 Dec 2020 18:52:03 -0800 Conrad Meyer <cem@freebsd.org> wrote: > > Is there any indication as to when it has safely reseeded? > > For the core random device, the message "random: unblocking device." > is printed in dmesg and logged to /var/log/messages. Note that I am not running CURRENT, but 12.2-STABLE (r367506). Given this, the order of messages I see is: arc4random: no preloaded entropy cache random: entropy device external interface random: registering fast source Intel Secure Key RNG random: fast provider: "Intel Secure Key RNG" arc4random: no preloaded entropy cache random: unblocking device. arc4random: no preloaded entropy cache arc4random: no preloaded entropy cache (...at least 20 more of these). That is from "dmesg | grep random", which might be naive, but nonetheless illustrates my lack of certainty as to whether or not the appropriate generator has reseeded such that subsequent generation of cryptographic random numbers is safe. Just how do I know which messages are from arc4random(9) and which are from arc4random(3)? -- Dave Hayes - Consultant - LA CA, USA - dave@dream-tech.com >>>> *The opinions expressed above are entirely my own* <<<< No system is any use if you merely possess it. Ownership requires operation. No system is useful if one can only experiment with it. For a system to be useful, it must be correctly operated.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201207223122.28c188f5>