Date: Thu, 26 Oct 2000 18:08:15 -0400 (EDT)
From: Wesley Morgan <morganw@chemicals.tacorp.com>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Doug Barton <DougB@gorean.org>, Ed Hall <edhall@weirdnoise.com>, current@FreeBSD.ORG
Subject: Re: entropy reseeding is totally broken
Message-ID: <Pine.BSF.4.21.0010261757580.6460-100000@volatile.chemicals.tacorp.com>
In-Reply-To: <5033.972597123@critter>

On Thu, 26 Oct 2000, Poul-Henning Kamp wrote:

> I don't really care that much how good my random bits are right after
> boot, but I do care about my machine coming up quickly.

I don't know about that, look at your boot logs:

Oct 26 17:32:19 catalyst /boot/kernel/kernel: Copyright (c) 1992-2000 The FreeBSD Project.
Oct 26 17:32:19 catalyst /boot/kernel/kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Oct 26 17:32:23 catalyst sshd[193]: Generating 768 bit RSA key.
Oct 26 17:32:23 catalyst sshd[193]: RSA key generation complete.

Those times aren't correct I'm sure, but if I can't get enough entropy for
a 768 bit key _very soon_ after boot, we could have a problem. Somehow, I
think everyone should care about that.

> > Add a /etc/rc.conf knob which says
> > wait_until_entropy_collected=YES

Why not be secure by default and have i_dont_care_about_entropy=NO

--
   _ __ ___ ____ ___ ___ ___
  Wesley N Morgan                 _ __ ___ | _ ) __| \
  morganw@chemicals.tacorp.com        _ __ | _ \._ \ |) |
  FreeBSD: The Power To Serve            _ |___/___/___/
  6bone: 3ffe:1ce3:7::b4ff:fe53:c297
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message