Date:      Thu, 24 Dec 2009 23:13:34 +0000
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: yarrow random generator
Message-ID:  <20091224231334.2e242371@gumby.homeunix.com>
In-Reply-To: <alpine.BSF.2.00.0912241945490.73550@fledge.watson.org>
References:  <5a5b03660912240445x7df1498dt42e29d93105efebc@mail.gmail.com> <oCmohG1K70vWpt/39IVPMdciTgk@DNdB9ElzNmEFYWRqT2UTVtuts%2BE> <4B339F27.6020707@freebsd.org> <5a5b03660912240941r6b76a839u819a8a1408816386@mail.gmail.com> <alpine.BSF.2.00.0912241945490.73550@fledge.watson.org>

On Thu, 24 Dec 2009 19:48:43 +0000 (GMT)
Robert Watson <rwatson@FreeBSD.org> wrote:

> On Thu, 24 Dec 2009, Paul Graphov wrote:
> 
> > And also according to Schneier it is a good idea to save state of
> > the PRNG and restore it on boot to make it "more seeded".
> 
> In the default configuration, we save some PRNG output every few
> minutes (using cron) to a file in /var so that it can be re-injected
> into Yarrow on the next boot (done by /etc/rc.d/random).

It isn't handled very well though. The files saved by crontab
under /var are loaded a bit late in the boot sequence - after encrypted swap.

The main entropy file is loaded earlier, but immediately after
ps -fauxww, sysctl -a, etc. are dumped into the device, saturating its 4K
of buffer space.


