From: Mark Murray
To: Warner Losh
Cc: Matt Dillon, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh
Date: Sat, 13 Jan 2001 09:53:57 +0200

> Well, I believe that this patch that would solve the dependency
> issues. I didn't solve the /var/db/entropy was hard wired issues,
> however, but that can be dealt with separately.

Ok...

> +date > /dev/random 2> /dev/random
> +cat /bin/ls > /dev/random 2> /dev/random

Why are you doing this? Why not just make the /dev/random device
non-blocking-at-boot?

Also, /bin/ls is a constant, and `date` is so close to a constant
that you may as well make the above

+ echo "sooper seekrit password" > /dev/random

... for effectively the same result and a tiny increase in speed.

> + if [ -w /dev/random ]; then
> + if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \
> + -s "${entropy_file}" ]; then
> + echo "Using ${entropy_file} as an entropy file"
> + cat ${entropy_file} > /dev/random 2> /dev/random
> + elif [ "${entropy_file}" != /var/db/entropy -a \
> + -f /var/db/entropy -a -r /var/db/entropy -a \
> + -s /var/db/entropy ]; then
> + echo 'Using /var/db/entropy as an entropy file'
> + cat /var/db/entropy > /dev/random 2> /dev/random
> + else

What about multiple entropy files? There are edge cases (crashes,
hung reboots etc) where the entropy file might be zero-length.
Having multiple files makes it a lot more secure (That was the
point of Doug B's /.entropy directory).

M
--
Mark Murray
Warning: this .sig is umop ap!sdn
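
Review bot: The two writes in the first quoted hunk, `+date > /dev/random 2> /dev/random` and `+cat /bin/ls > /dev/random 2> /dev/random`, have no comment saying why they are needed, and both inputs are predictable (a fixed binary and a boot-time timestamp). If they stay, add a comment stating that they only stir the pool and are not seed material. The `2> /dev/random` redirection also sends any error message into the device instead of the console, so a failed write goes unnoticed; unlike the second hunk, the lines shown here are not guarded by a `[ -w /dev/random ]` test.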
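
Review bot: On the line `cat ${entropy_file} > /dev/random 2> /dev/random` in the second quoted hunk, `${entropy_file}` is unquoted although the `[ -f "${entropy_file}" ... ]` tests just above it quote the same variable, so a configured path containing whitespace or glob characters passes the tests and then expands to different arguments for cat. Quote it as `cat "${entropy_file}"`. Both cat lines also redirect stderr into /dev/random, which hides a read error; keeping stderr on the console would make a failed seed visible at boot.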
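
The multiple-file approach raised in the reply above, as an added shell example that is not part of the original message or of FreeBSD's rc scripts: it feeds every readable, non-empty file in a directory to the random device, so one zero-length file does not leave the boot unseeded. The function name seed_from_dir, the file layout and the optional device argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not FreeBSD's rc code): seed from several saved-entropy
# files instead of one. seed_from_dir and its arguments are hypothetical.

# usage: seed_from_dir <dir> [device]
# Prints the number of files written; returns 1 if none were usable.
seed_from_dir() {
    dir=$1
    dev=${2:-/dev/random}
    used=0

    # Nothing to do without a directory to read or a device to write.
    [ -d "$dir" ] || { echo 0; return 1; }
    [ -w "$dev" ] || { echo 0; return 1; }

    for f in "$dir"/*; do
        # Extra precaution (an assumption, not from the thread): do not
        # follow symlinks placed in the entropy directory.
        [ -L "$f" ] && continue
        # Skip anything that is not a regular, readable file, and the
        # zero-length files left behind by a crash or hung reboot.
        [ -f "$f" ] && [ -r "$f" ] && [ -s "$f" ] || continue
        # stderr stays on the console so a failed read or write is seen.
        if cat "$f" >> "$dev"; then
            used=$((used + 1))
        fi
    done

    echo "$used"
    # Non-zero status tells the caller that no saved entropy was loaded.
    [ "$used" -gt 0 ]
}
```

A caller can test the exit status to decide whether to fall back to another source or log that the pool was not reseeded.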