From owner-freebsd-current@FreeBSD.ORG Wed Apr 14 02:05:10 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2FC7916A4CF for ; Wed, 14 Apr 2004 02:05:10 -0700 (PDT) Received: from mail017.syd.optusnet.com.au (mail017.syd.optusnet.com.au [211.29.132.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A1E343D3F for ; Wed, 14 Apr 2004 02:05:09 -0700 (PDT) (envelope-from peterjeremy@optushome.com.au) Received: from server.vk2pj.dyndns.org (c211-30-75-229.belrs2.nsw.optusnet.com.au [211.30.75.229]) i3E956A20143 for ; Wed, 14 Apr 2004 19:05:07 +1000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1])i3E956Ru025643 for ; Wed, 14 Apr 2004 19:05:06 +1000 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.12.10/8.12.10/Submit) id i3E956kP025642 for freebsd-current@freebsd.org; Wed, 14 Apr 2004 19:05:06 +1000 (EST) (envelope-from peter) Date: Wed, 14 Apr 2004 19:05:06 +1000 From: Peter Jeremy To: freebsd-current@freebsd.org Message-ID: <20040414090506.GA25565@server.vk2pj.dyndns.org> References: <200404131550.i3DFocIn099231@grimreaper.grondar.org> <428207C0-8D7B-11D8-B697-003065ABFD92@mac.com> <20040413191058.GF20550@Odin.AC.HMC.Edu> <20040413232816.GB25818@Odin.AC.HMC.Edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040413232816.GB25818@Odin.AC.HMC.Edu> User-Agent: Mutt/1.4.2.1i Subject: Re: dev/random X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Apr 2004 09:05:10 -0000 On Tue, Apr 13, 2004 at 04:28:16PM -0700, Brooks Davis wrote: >To be clear, the problem is not that you can't open /dev/random for >read, it's that read() blocks until sufficent entropy arrives. It's >worth noting that the quality of entropy needed in initdiskless is >pretty minimal. rand() would actually be fine here other then the fact >that use of rand should not be encouraged. If you don't need a great deal of entropy, you might be able to get away with stirring in the time of day, CPU cycle counter[1], and maybe time a couple of arbitrary disk seeks. If you had a _really_ cheap stirring function, maybe stir in all of KVM (this should vary slightly from boot to boot). This should be enough entropy to get to the point where you can start loading or acquiring reasonable entropy. I recall being bitten on several occasions when I was trying to use ed(1) in single user mode and having ed decide there wasn't enough entropy to create its temporary file. Of course, the default behaviour of automatically building ssh host keys as part of the boot sequence (when there's virtually no entropy available) is probably undesirable. [1] Maybe a couple of times at arbitrary points during the boot sequence - it's fairly cheap and probe/attach code is somewhat non-deterministic compared to the CPU clock. Peter