Date: Sat, 22 Jul 2000 09:42:24 +0200 From: Mark Murray <mark@grondar.za> To: Kris Kennaway <kris@FreeBSD.org> Cc: current@FreeBSD.org Subject: Re: randomdev entropy gathering is really weak Message-ID: <200007220742.JAA05424@grimreaper.grondar.za> In-Reply-To: <Pine.BSF.4.21.0007211849570.68809-100000@freefall.freebsd.org> ; from Kris Kennaway <kris@FreeBSD.org> "Fri, 21 Jul 2000 18:54:54 MST." References: <Pine.BSF.4.21.0007211849570.68809-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm all for storing a sample at shutdown and using it to help seed the > PRNG at startup, but it shouldn't be the only seed used (for example, the > case where the system has never been shut down (cleanly) before and so has > no pre-existing seed file is a BIG corner case to consider since thats how > the system is at the time it first generates SSH keys after a fresh > install). Agreed; we need more entropy sources that are available early enough to be useful. > It might be only an academic vulnerability, but if someone can read your > HD during the time the system is shut down then I'd prefer them not to > know the precise state when the system next starts up again. Yes, if they > can read they can probably also write, but it seems like a mistake when > there's nothing really gained by saving the complete state, as opposed to > an extract. Academic argument noted; with more entropy sources, this situation will improve. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007220742.JAA05424>