Date: Thu, 11 Jan 2001 23:52:47 -0700 From: Warner Losh <imp@harmony.village.org> To: Mark Murray <mark@grondar.za> Cc: Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@winston.osd.bsdi.com>, Sheldon Hearn <sheldonh@uunet.co.za>, obrien@FreeBSD.org, Doug Barton <dougb@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh Message-ID: <200101120652.f0C6qls78578@harmony.village.org> In-Reply-To: Your message of "Fri, 12 Jan 2001 08:43:51 %2B0200." <200101120644.f0C6hvI12630@gratis.grondar.za> References: <200101120644.f0C6hvI12630@gratis.grondar.za> <200101120534.f0C5YYH96390@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200101120644.f0C6hvI12630@gratis.grondar.za> Mark Murray writes: : > I would do the following: : > : > * Use Warner's fix, possibly adding 'dmesg' output in phase-1. : : It make more sense to make the random device nonblocking-at-boot than : to do this. Maybe we could make it non-blocking until the first write to /dev/random? This would solve the problems that we're seeing, as well as allowing sshd to have enough entropy to get good results. : > * Change the crontab to something reasonable, like once every : > 30 minutes. Every 3 minutes is way too disruptive. Massive : > overkill. : : Read the Yarrow paper. Yarrow suggests an entropy dump _every_ reseed. : Best let the user/admin tweek it as required. "crontab -e" is your : friend. Agreed. once a second would be too often for flash systems :-). : Do we really need cryptographic randomness to do a "fsck -y" and : "mount -a"? If not, then that is the problem. I don't think we do, so long as we can get good random numbers. I don't think we need them to meet the cryptographcially random. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101120652.f0C6qls78578>