Date: Thu, 26 Oct 2000 11:06:34 -0700 (PDT) From: John Baldwin <jhb@FreeBSD.org> To: Rod Taylor <rbt@zort.on.ca> Cc: current@FreeBSD.org, Doug Barton <DougB@gorean.org> Subject: Re: entropy reseeding is totally broken Message-ID: <XFMail.001026110634.jhb@FreeBSD.org> In-Reply-To: <39F807E6.69AD0CBB@zort.on.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26-Oct-00 Rod Taylor wrote: > Doug Barton wrote: >> >> Wesley Morgan wrote: >> > >> > I'm not knocking anyone or any code, especially considering this IS >> > -current... BUT... I don't need to read the code to know that I am seeing >> > the same fortunes on first login after reboot more often than I can >> > attribute to random chance. Maybe nanotime is being harvested, but it >> > seems that there is a time lag between system startup and reaching a state >> > of "true pseudo-entropy". Also, every reboot has entropy caching failing >> > to work. I don't know if this is a product of the broken reseeding or >> > what, because the /etc/rc files seem to be fine. >> >> How exactly are you rebooting? If you're using the 'reboot' command, >> that explains why entropy reseeding is not working. As has been >> discussed several times on -current, you only run rc.shutdown if you use >> another method, like 'shutdown -r now', 'init 6', or even the trust >> three-finger salute. > > How about when I hit the reset button? That case SHOULD be taken care > of too! Would it not be possible to sample /dev/random to store the > entropy every hour or so that the system runs? Atleast that way you > would be guarenteed to have something. And if a malicious user on your machine grabs the saved entropy file and then reboots your machine using some exploit of some sort? Granted neither of these tasks may be easy, and it could be done in such a way that the first requires root access. -- John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.001026110634.jhb>