Date: Thu, 26 Oct 2000 14:04:02 -0700
From: Ed Hall <edhall@weirdnoise.com>
To: Doug Barton <DougB@gorean.org>
Cc: current@FreeBSD.ORG
Subject: Re: entropy reseeding is totally broken
Message-ID: <200010262104.OAA20560@screech.weirdnoise.com>
In-Reply-To: Your message of "Thu, 26 Oct 2000 12:49:47 PDT." <Pine.BSF.4.21.0010261218110.15371-100000@dt051n37.san.rr.com>

Doug Barton wrote:
: Pending Mark's approval, I'd like to suggest we add a cron job to
: dump X k of data from /dev/random to a file (/boot/.periodic_entropy
: maybe?) and use that, AND ${entropy_file:/var/db/entropy} to reseed at
: boot, and only do the "long, annoying" failover process if neither file
: exists. The only remaining questions would be how many k of data to dump
: how often.

How about skipping the "long, annoying failover process" altogether and
simply logging to the console that the entropy reseeding process was
incomplete? Forcing an indeterminate delay to gather entropy is more
than a little paternalistic.

I've little doubt of /dev/random's theoretical soundness. But a
theoretical boost in security won't justify an actual reduction in
availability to many folks.

-Ed