From owner-freebsd-current Thu Oct 26 15:12:45 2000
Delivered-To: freebsd-current@freebsd.org
Received: from volatile.chemicals.tacorp.com (ci391991-a.grnvle1.sc.home.com [24.9.31.75])
    by hub.freebsd.org (Postfix) with ESMTP id 6225737B479
    for ; Thu, 26 Oct 2000 15:12:41 -0700 (PDT)
Received: (from morganw@localhost)
    by volatile.chemicals.tacorp.com (8.11.1/8.11.1) id e9QM8Fu06565;
    Thu, 26 Oct 2000 18:08:15 -0400 (EDT)
    (envelope-from morganw)
Date: Thu, 26 Oct 2000 18:08:15 -0400 (EDT)
From: Wesley Morgan
To: Poul-Henning Kamp
Cc: Doug Barton , Ed Hall , current@FreeBSD.ORG
Subject: Re: entropy reseeding is totally broken
In-Reply-To: <5033.972597123@critter>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 26 Oct 2000, Poul-Henning Kamp wrote:

> I don't really care that much how good my random bits are right after
> boot, but I do care about my machine coming up quickly.

I don't know about that, look at your boot logs:

Oct 26 17:32:19 catalyst /boot/kernel/kernel: Copyright (c) 1992-2000 The FreeBSD Project.
Oct 26 17:32:19 catalyst /boot/kernel/kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Oct 26 17:32:23 catalyst sshd[193]: Generating 768 bit RSA key.
Oct 26 17:32:23 catalyst sshd[193]: RSA key generation complete.

Those times aren't correct I'm sure, but if I can't get enough entropy for
a 768 bit key _very soon_ after boot, we could have a problem. Somehow, I
think everyone should care about that.

> > Add a /etc/rc.conf knob which says
> > wait_until_entropy_collected=YES

Why not be secure by default and have

i_dont_care_about_entropy=NO

--
   _ __ ___ ____  ___ ___ ___
          Wesley N Morgan       _ __ ___ | _ ) __|   \
  morganw@chemicals.tacorp.com     _ __ | _ \._ \ |) |
  FreeBSD: The Power To Serve         _ |___/___/___/
  6bone: 3ffe:1ce3:7::b4ff:fe53:c297
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!