Date: Fri, 12 Jan 2001 09:36:11 -0700
From: Warner Losh <imp@harmony.village.org>
To: Doug Barton <DougB@FreeBSD.org>
Cc: Matt Dillon <dillon@earth.backplane.com>, Mark Murray <mark@grondar.za>, Sheldon Hearn <sheldonh@uunet.co.za>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh
Message-ID: <200101121636.f0CGaBs81266@harmony.village.org>
In-Reply-To: Your message of "Fri, 12 Jan 2001 00:46:37 PST." <3A5EC46D.A912BC6F@FreeBSD.org>
References: <3A5EC46D.A912BC6F@FreeBSD.org> <200101120644.f0C6hvI12630@gratis.grondar.za> <200101120534.f0C5YYH96390@earth.backplane.com> <200101120652.f0C6qls78578@harmony.village.org> <200101120711.f0C7B4Y97991@earth.backplane.com>

In message <3A5EC46D.A912BC6F@FreeBSD.org> Doug Barton writes:
: Since no one seems to actually be reading my posts, let me reiterate
: something. /etc/rc does the following in the early stages right now:

I read your posts. Please do not characterize things otherwise.

: In case I haven't made it clear yet, I would really love to do away with
: the "gross hacks" that make 3. work, and postpone reading in the "real"
: entropy seeding till we get past 9. Up till we actually had offers of
: help today, IT WAS NOT POSSIBLE TO MOUNT -A RELIABLY BECAUSE /DEV/RANDOM
: WOULD BLOCK.

Unless we were to modify /dev/random to not block until the first
write to it. We're all aware of this.

: Hopefully that will be the last time I have to say it. Now,
: are you sure that ccdconfig, vinum, fsck, and mount* (other than nfs)
: will work with a "weak" amount of randomness?

We've answered this. They need good random numbers, but not
cryptographically secure random numbers.

: Apparently it makes sense to Schneier. For the initial commit Mark just
: gave me something approximating the recommended values. I ran with the
: stuff for a couple days and never even noticed it. I did start to think
: however that the 8 seeds would probably really only be useful at boot
: time, so it might make more sense to run it every 3 minutes for an hour
: after boot, then every N minutes thereafter. However, I needed to do
: some research on our new(ish) ability to schedule cron jobs for @boot,
: or whatever the hell it is.

Anything that runs once every three minutes is going to be strongly
resisted. Lots of people aren't going to like it.

: As stated, Warner's suggestion is a good one, presuming that Mark is
: satisfied regarding being able to provide sufficient entropy to
: kickstart yarrow, AND that we're sure none of the things listed above in
: 4-9 need strong randomness to work.

I'm still waiting to hear back from Mark on the non-blocking idea.

In the meantime, I would like to say that I appreciate your efforts,
even if they aren't exactly what I'd do.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message