Date:      Sun, 24 Jul 2005 17:51:54 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        Colin Percival <cperciva@freebsd.org>
Cc:        Poul-Henning Kamp <phk@haven.freebsd.dk>, Pawel Jakub Dawidek <pjd@freebsd.org>, freebsd-security@freebsd.org
Subject:   Re: cvs commit: src/games/fortune/fortune fortune.c
Message-ID:  <42E437AA.1050307@FreeBSD.org>
In-Reply-To: <42E3DF1E.9040405@freebsd.org>
References:  <20050724135738.GM46538@darkness.comp.waw.pl>	<64009.1122213962@phk.freebsd.dk>	<20050724181912.GO46538@darkness.comp.waw.pl> <42E3DF1E.9040405@freebsd.org>

Colin Percival wrote:

> I think this would be more dangerous than valuable.  "Most" failure modes of
> modern PRNGs will result in output which is cryptographically predictable but
> passes all known statistical tests.  (To take a trivial example, the sequence
> MD5(0), MD5(1), MD5(2) ... looks random, but obviously isn't.)
> 
> If we want to determine if the PRNG has been seeded properly, we should be
> querying the kernel, not trying to distinguish between "random" and "non-random"
> just based on its output.

I put the following in my /etc/rc.local file to try and do some detective 
work on the fortune issue:

sysctl kern.random.sys.seeded >> ${TMPDIR:-/tmp}/sysctl.out

If others are seeing apparent problems with randomness issues on startup 
this might be a useful diagnostic for them as well.

FWIW, I cranked up the entropy save function on my laptop to the following 
values:

entropy_save_sz="4096"  # Size of the entropy cache files.
entropy_save_num="17"   # Number of entropy cache files to save.

And haven't seen any problems with repetitive fortunes in the last 2 days. 
Since storage of these files is pretty painless, I'm tempted to crank this 
up in /etc/defaults/rc.conf. Opinions?

Doug

-- 

     This .signature sanitized for your protection
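
The MD5(0), MD5(1), MD5(2) ... sequence from the quoted text, worked through as an added example (not part of the original message or of FreeBSD's code): the stream passes two basic statistical tests, yet anyone who sees one block can compute the next. The decimal-ASCII counter encoding, the function names, and the 5-sigma thresholds are assumptions made for this illustration.

```python
import hashlib
import math

BLOCK = 16  # MD5 digest size in bytes

def md5_counter_stream(n_blocks, start=0):
    """MD5(0) || MD5(1) || ... with the counter encoded as decimal ASCII (assumed)."""
    return b"".join(hashlib.md5(str(i).encode()).digest()
                    for i in range(start, start + n_blocks))

def monobit_z(data):
    """Z-score of the number of 1 bits against the fair-coin expectation."""
    n_bits = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return (ones - n_bits / 2) / math.sqrt(n_bits / 4)

def byte_chi_square(data):
    """Chi-square of byte frequencies against uniform (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def passes_statistical_tests(data):
    """Both statistics within 5 standard deviations of their expected values."""
    chi_sd = math.sqrt(2 * 255)
    return abs(monobit_z(data)) < 5 and abs(byte_chi_square(data) - 255) < 5 * chi_sd

def predict_next_block(observed_block, search_limit=1 << 20):
    """Recover the counter behind one observed block and return the next output.

    Returns None if the counter is not found below search_limit.
    """
    for i in range(search_limit):
        if hashlib.md5(str(i).encode()).digest() == observed_block:
            return hashlib.md5(str(i + 1).encode()).digest()
    return None

if __name__ == "__main__":
    stream = md5_counter_stream(4096)  # 64 KiB of random-looking output
    print("passes tests:", passes_statistical_tests(stream))
    seen = stream[1000 * BLOCK:1001 * BLOCK]
    actual_next = stream[1001 * BLOCK:1002 * BLOCK]
    print("next block predicted:", predict_next_block(seen) == actual_next)
```

Output-based tests only rule out gross bias; whether the generator was seeded is a question for the kernel, which is what the `kern.random.sys.seeded` sysctl in the message reports.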