From: "R. B. Riddick"
To: Michael Scheidell
Cc: freebsd-security@freebsd.org
Date: Tue, 8 Aug 2006 06:53:30 -0700 (PDT)
Subject: Re: seeding dev/random in 5.5
Message-ID: <20060808135330.24187.qmail@web30310.mail.mud.yahoo.com>
In-Reply-To: <44D88BF5.9060402@secnap.net>

--- Michael Scheidell wrote:

> R. B. Riddick wrote:
> > --- Michael Scheidell wrote:
> >
> >>> I think that during the first reboot after a fresh install
> >>> the kern.random.sys sysctl settings are already orderly
> >>> before rc.d/sshd is called...
> >>>
> >>> If yes, then sending some pings should do the trick... Or
> >>> not? I mean: NETWORKING should already be provided at that point...
> >>>
> >> I am not sure I understand what you are saying in the context of my
> >> question.
> >>
> > I mean:
> > Instead of changing an rc.d script u or ur friend could just send some pings to
> > the deeply buried box...
> >
> why would that help?
>
> if (without changing rc file) /dev/random isn't seeded by networking,
> why would a ping help?
>

I was under the impression that kern.random.sys.harvest.ethernet is 1 by
default. That would mean that ethernet traffic to that deeply buried box
should feed that /dev/random until it is fat and round...

Why do u believe that /dev/random isn't seeded by networking?

-Arne
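
The check this exchange turns on, as an added example that is not part of the original message: a shell function that reads `sysctl kern.random.sys` output and reports whether Ethernet harvesting is on and whether the device is marked seeded. Only kern.random.sys.harvest.ethernet is named in the thread; the other sysctl names are taken from random(4) on FreeBSD releases of that era, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `sysctl kern.random.sys` output
# on stdin and reports whether Ethernet traffic can feed /dev/random.
# Exit status: 0 = seeded and Ethernet harvesting on,
#              1 = Ethernet harvesting off or not reported,
#              2 = device not marked seeded (takes priority over 1).
check_random_sysctls() {
    awk -F': *' '
        BEGIN { rc = 0 }
        $1 == "kern.random.sys.seeded"           { seeded = $2 }
        $1 == "kern.random.sys.harvest.ethernet" { eth = $2 }
        # List every harvest source that is switched off.
        $1 ~ /^kern\.random\.sys\.harvest\./ && $2 == "0" {
            name = $1
            sub(/^kern\.random\.sys\.harvest\./, "", name)
            print "harvest source disabled: " name
        }
        END {
            if (eth != "1")    { print "ethernet harvesting off or not reported"; rc = 1 }
            if (seeded != "1") { print "device not marked seeded"; rc = 2 }
            exit rc
        }'
}

# Constructed sample output; the values are illustrative, not measured defaults.
sample_sysctl_output() {
    cat <<'EOF'
kern.random.sys.seeded: 1
kern.random.sys.harvest.ethernet: 1
kern.random.sys.harvest.point_to_point: 1
kern.random.sys.harvest.interrupt: 1
kern.random.sys.harvest.swi: 0
EOF
}

# On the FreeBSD host itself: sysctl kern.random.sys | check_random_sysctls
sample_sysctl_output | check_random_sysctls
```

Running it from an rc.d script before sshd generates host keys gives a nonzero status when the pool is not marked seeded or when network traffic is not being harvested.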