From owner-freebsd-current@FreeBSD.ORG Fri Apr 16 02:30:57 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C04BD16A4CE for ; Fri, 16 Apr 2004 02:30:57 -0700 (PDT) Received: from mail006.syd.optusnet.com.au (mail006.syd.optusnet.com.au [211.29.132.63]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90DA343D41 for ; Fri, 16 Apr 2004 02:30:56 -0700 (PDT) (envelope-from PeterJeremy@optushome.com.au) Received: from cirb503493.alcatel.com.au (c211-30-75-229.belrs2.nsw.optusnet.com.au [211.30.75.229]) i3G9Uj219554; Fri, 16 Apr 2004 19:30:47 +1000 Received: from cirb503493.alcatel.com.au (localhost.alcatel.com.au [127.0.0.1])i3G9UiSU026635; Fri, 16 Apr 2004 19:30:44 +1000 (EST) (envelope-from jeremyp@cirb503493.alcatel.com.au) Received: (from jeremyp@localhost)i3G9Udw0026634; Fri, 16 Apr 2004 19:30:39 +1000 (EST) (envelope-from jeremyp) Date: Fri, 16 Apr 2004 19:30:39 +1000 From: Peter Jeremy To: Mark Murray Message-ID: <20040416093039.GE53327@cirb503493.alcatel.com.au> References: <20040414090506.GA25565@server.vk2pj.dyndns.org> <200404151448.i3FEm9In021190@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200404151448.i3FEm9In021190@grimreaper.grondar.org> User-Agent: Mutt/1.4.2i cc: freebsd-current@freebsd.org Subject: Re: dev/random X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Apr 2004 09:30:57 -0000 On Thu, Apr 15, 2004 at 03:48:09PM +0100, Mark Murray wrote: >Peter Jeremy writes: >> If you don't need a great deal of entropy, you might be able to get >> away with stirring in the time of day, CPU cycle counter[1], and maybe >> time a couple of arbitrary disk seeks. If you had a _really_ cheap >> stirring function, maybe stir in all of KVM (this should vary slightly >> from boot to boot). This should be enough entropy to get to the >> point where you can start loading or acquiring reasonable entropy. > >Check /etc/rc.d/*random* - we've been doing this for years. :-) I meant that the kernel should seed /dev/random before it even starts init(8). I understood that one of the problems with /etc/rc.d/random was that you may need to have some entropy available to mount root so you can get to /etc/rc.d/random. (And /etc/rc.d/random doesn't help when you boot into single user mode and can't run ed or vi because there's no entropy). >> Of course, the default behaviour of automatically building ssh host >> keys as part of the boot sequence (when there's virtually no entropy >> available) is probably undesirable. > >We understand the problem all too well. > >There are two conflicting parts; 1) Starting the device early enough >and 2) making it secure (enough). One option (which may have already been implemented, I haven't done a 5-CURRENT install for a long time) would be to generate the host keys as part of sysinstall before rebooting. There's potentially a fair amount of entropy available by the end of the system installation. (In any case, it's unlikely to be less than what is available early during the boot process). -- Peter Jeremy