Message-Id: <200101120652.f0C6qls78578@harmony.village.org>
To: Mark Murray
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh
Cc: Matt Dillon, Jordan Hubbard, Sheldon Hearn, obrien@FreeBSD.org, Doug Barton, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
In-reply-to: Your message of "Fri, 12 Jan 2001 08:43:51 +0200." <200101120644.f0C6hvI12630@gratis.grondar.za>
References: <200101120644.f0C6hvI12630@gratis.grondar.za> <200101120534.f0C5YYH96390@earth.backplane.com>
Date: Thu, 11 Jan 2001 23:52:47 -0700
From: Warner Losh

In message <200101120644.f0C6hvI12630@gratis.grondar.za> Mark Murray writes:
: > I would do the following:
: >
: > * Use Warner's fix, possibly adding 'dmesg' output in phase-1.
:
: It makes more sense to make the random device nonblocking-at-boot than
: to do this.

Maybe we could make it non-blocking until the first write to
/dev/random? This would solve the problems that we're seeing, as well
as allowing sshd to have enough entropy to get good results.

: > * Change the crontab to something reasonable, like once every
: > 30 minutes. Every 3 minutes is way too disruptive. Massive
: > overkill.
:
: Read the Yarrow paper. Yarrow suggests an entropy dump _every_ reseed.
: Best let the user/admin tweak it as required. "crontab -e" is your
: friend.

Agreed. Once a second would be too often for flash systems :-).

: Do we really need cryptographic randomness to do a "fsck -y" and
: "mount -a"? If not, then that is the problem.

I don't think we do, so long as we can get good random numbers. I
don't think we need them to meet the cryptographically random.

Warner