From: Doug Barton
Date: Thu, 26 Oct 2000 21:00:45 -0700
To: current@FreeBSD.ORG
Cc: Matt Dillon, Mark Murray
Subject: Re: entropy reseeding is totally broken

David O'Brien wrote:
>
> On Thu, Oct 26, 2000 at 02:25:58PM -0700, Matt Dillon wrote:
> > /etc/rc already assumes that /var is writable. I recommend that you make
> > that assumption by default... have the default entropy file be something
> > like "/var/db/entropy_seed" and allow the administrator to override it
> > with an RC variable. You could allow the administrator to select a
> > different entropy file and you could have another RC variable which allows
> > the administrator to set a command which, when executed, returns an
> > arbitrary sequence of bytes on its stdout to initialize entropy with.
>
> This is sweet! Seems it would give us the full benefits of Mark's
> randomdev, and fit nicely with our normal configuration framework and
> gives good flexibility.

It also describes just what we have currently, except it misses the
advantages of putting the entropy file on the root partition which makes it
available immediately, and doesn't have mounting races built in.

Doug
--
"The dead cannot be seduced." - Kai, "Lexx"
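
An added sketch of the seeding scheme discussed in this thread (not code from FreeBSD's rc scripts or from any poster). The variable names `entropy_file`, `entropy_cmd` and `entropy_sink` are hypothetical; the function reports how many bytes reached the pool, so a seed file that sits on a filesystem not yet mounted is noticed rather than silently skipped.

```sh
#!/bin/sh
# Added illustration of the seeding scheme discussed in the thread.
# entropy_file, entropy_cmd and entropy_sink are hypothetical names,
# not real rc.conf variables.

# feed CMD...: run CMD, append its stdout to the sink, print the byte count.
feed() {
    n=$("$@" 2>/dev/null | tee -a "$entropy_sink" | wc -c)
    echo $((n + 0))   # normalise any padding some wc implementations emit
}

# seed_entropy: prints total bytes delivered; returns 0 only if that is > 0.
seed_entropy() {
    entropy_file=${entropy_file:-/var/db/entropy_seed}
    entropy_sink=${entropy_sink:-/dev/random}
    total=0

    if [ ! -w "$entropy_sink" ]; then
        echo "seed: cannot write $entropy_sink" >&2
        return 2
    fi

    # 1. Administrator-supplied command; its stdout is treated as opaque bytes.
    if [ -n "${entropy_cmd:-}" ]; then
        total=$((total + $(feed sh -c "$entropy_cmd")))
    fi

    # 2. Seed file. If its filesystem is not mounted yet the file is simply
    #    absent at this point in boot; say so instead of claiming success.
    if [ -s "$entropy_file" ] && [ -r "$entropy_file" ]; then
        total=$((total + $(feed cat "$entropy_file")))
    else
        echo "seed: $entropy_file missing or empty (filesystem not mounted yet?)" >&2
    fi

    echo "$total"
    [ "$total" -gt 0 ]
}
```

A caller in a boot script can treat a non-zero return as "pool not seeded from saved state" and log it, which is where the file's location relative to mount order becomes visible.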