Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Jan 2001 23:52:47 -0700
From:      Warner Losh <imp@harmony.village.org>
To:        Mark Murray <mark@grondar.za>
Cc:        Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@winston.osd.bsdi.com>, Sheldon Hearn <sheldonh@uunet.co.za>, obrien@FreeBSD.org, Doug Barton <dougb@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh 
Message-ID:  <200101120652.f0C6qls78578@harmony.village.org>
In-Reply-To: Your message of "Fri, 12 Jan 2001 08:43:51 %2B0200." <200101120644.f0C6hvI12630@gratis.grondar.za> 
References:  <200101120644.f0C6hvI12630@gratis.grondar.za>  <200101120534.f0C5YYH96390@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <200101120644.f0C6hvI12630@gratis.grondar.za> Mark Murray writes:
: >     I would do the following:
: > 
: > 	* Use Warner's fix, possibly adding 'dmesg' output in phase-1.
: 
: It make more sense to make the random device nonblocking-at-boot than
: to do this.

Maybe we could make it non-blocking until the first write to
/dev/random?  This would solve the problems that we're seeing, as well
as allowing sshd to have enough entropy to get good results.

: > 	* Change the crontab to something reasonable, like once every
: > 	  30 minutes.  Every 3 minutes is way too disruptive.  Massive
: > 	  overkill.
: 
: Read the Yarrow paper. Yarrow suggests an entropy dump _every_ reseed.
: Best let the user/admin tweek it as required. "crontab -e" is your
: friend.

Agreed.  once a second would be too often for flash systems :-).

: Do we really need cryptographic randomness to do a "fsck -y" and
: "mount -a"? If not, then that is the problem.

I don't think we do, so long as we can get good random numbers.  I
don't think we need them to meet the cryptographcially random.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101120652.f0C6qls78578>