Date: Mon, 17 Jul 2000 21:44:12 -0400
From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Alexander Langer <alex@big.endian.de>, "Louis A. Mamakos" <louie@TransSys.COM>, Mark Murray <mark@grondar.za>, "Andrey A. Chernov" <ache@FreeBSD.ORG>, current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <3973B66C.D6BD5BFD@vangelderen.org>
References: <2613.963842256@critter.freebsd.dk>

Poul-Henning Kamp wrote:
>
> In message <20000717154549.A18676@cichlids.cichlids.com>, Alexander Langer writes:
> >Thus spake Poul-Henning Kamp (phk@critter.freebsd.dk):
> >
> >> I have thought about adding an entropy server to my array of weird
> >> servers in my lab. Something like a Geiger counter and a smoke detector
> >> could do wonders.
> >
> >HA! Cool!
> >
> >Do that please!
> >
> >I mean, seriously.
> >And an option to sysinstall, where you can enable this as you can with
> >ntpdate :)
>
> DuH!
>
> NTP is the perfect way to gather entropy at bootup!
>
> Predicting the clock's offset from reality and the two way path to
> the server of choice is impossible, plus if people enable authentication
> later on the packets will be chock full of high-quality entropy.

Please quantify 'impossible'.

> We need an enterprising soul to add an option (default on) to
> ntpdate to write the received packets in toto to /dev/random
> if it exists.

I think we first need to figure out the security implications.

Cheers,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_
