From owner-freebsd-security Thu Mar 27 16:27:51 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA06223 for security-outgoing; Thu, 27 Mar 1997 16:27:51 -0800 (PST) Received: from sovcom.kiae.su (sovcom.kiae.su [193.125.152.1]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id QAA06203; Thu, 27 Mar 1997 16:27:37 -0800 (PST) Received: by sovcom.kiae.su id AA05931 (5.65.kiae-1 ); Fri, 28 Mar 1997 03:18:01 +0300 Received: by sovcom.KIAE.su (UUMAIL/2.0); Fri, 28 Mar 97 03:18:00 +0300 Received: (from ache@localhost) by nagual.ru (8.8.5/8.8.5) id DAA00583; Fri, 28 Mar 1997 03:13:40 +0300 (MSK) Date: Fri, 28 Mar 1997 03:13:38 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= To: Mark Murray Cc: Joerg Wunsch , markm@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: ATTENTION: Initial state of random pool In-Reply-To: <199703271941.VAA07001@grackle.grondar.za> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Thu, 27 Mar 1997, Mark Murray wrote: > I am very keen to vastly improve /dev/random. > > I have lots of ideas, but my time supply and clue supply are not so good. > > At the moment, the pool of randomness is stirred far too often by MD5. I > have some more recent code by Ted Ts'o which uses SHA, and is improved in > other ways. Hmm, I not talk about improvements right now, only about bugfixes... To summarize what I want: 1) We need to check, if at least _one_ true random word added after boot just to be shure that daemons can use /dev/urandom. 2) If it happens, go to 4) 3) We need to add this random word, f.e. from timer. 4a) We need remove rndcontrol from rc.i386 (leaving it as user-land utility) and add all interrupts to kernel config file, i.e. something like: option RAND_INTS "5 7 10 11" or something more suitable. or 4b) We need to start rndcontrol as early as possible in /etc/rc (I think 4a is better) -- Andrey A. Chernov http://www.nagual.ru/~ache/