Date: Thu, 11 Jan 2001 15:36:23 -0700 From: Warner Losh <imp@harmony.village.org> To: "Andrew Reilly" <areilly@bigpond.net.au> Cc: Mark Murray <mark@grondar.za>, Matt Dillon <dillon@earth.backplane.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh Message-ID: <200101112236.f0BMaNs75406@harmony.village.org> In-Reply-To: Your message of "Fri, 12 Jan 2001 09:22:50 %2B1100." <20010112092249.A42857@gurney.reilly.home> References: <20010112092249.A42857@gurney.reilly.home> <200101111901.f0BJ1jU72510@earth.backplane.com> <200101112033.f0BKXtI10390@gratis.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010112092249.A42857@gurney.reilly.home> "Andrew Reilly" writes: : Why? Can't you reseed the random device multiple times, as more : entropy becomes available? Sure, random() calls before then : might be more "crackable", but it doesn't sound as though that's : a serious problem. Exactly my point as well. You seed it with crap once. The random calls in mount will be less than completely random, but they will be random enough. You won't have an attacker who is able to race anything at that state in the boot process. You won't have any lingering information that could be useful down the road (as far as I can tell anyway). Just seed the device with something so that you can mount your real source of entropy. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101112236.f0BMaNs75406>