Date:      Tue, 8 Aug 2006 07:15:01 -0700 (PDT)
From:      "R. B. Riddick" <arne_woerner@yahoo.com>
To:        Michael Scheidell <scheidell@secnap.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: seeding dev/random in 5.5
Message-ID:  <20060808141501.56763.qmail@web30313.mail.mud.yahoo.com>
In-Reply-To: <44D89958.2030305@secnap.net>

--- Michael Scheidell <scheidell@secnap.net> wrote:
> R. B. Riddick wrote:
> > Why do you believe that /dev/random isn't seeded by networking?
> >
> >   
> because it isn't.
> and pings aren't going to produce much random data.
>
Hmm... Interesting...

> it might feed it LATER, saving to /var/db/entropy, but when the system
> is booted, and there are no keys in /etc/ssh and rc.d/sshd tried to
> generate enough to feed to /dev/random, it doesn't
>
Hopefully... I was under the impression that new "random" events are gathered
continuously in order to create an always good source of randomness...

> I can reproduce it 100% of the time, every time, all day long.
>
OK... But I still don't understand why that is... Does it have an ethernet NIC?
Is that sysctl (kern.random.sys.harvest.ethernet) set to 1 before rc.d/sshd
starts?

> Only two workarounds that I know of:
> #1, put in more than 3 lines of garbage on console.
> #2, put in more than 5 packets of garbage from ethernet
> (which, acknowledged: if hacker is trying to seed known data to this
> box, he could feed it known data)
>
If I may add:
I know another workaround: Create the key files during the install process,
which has to be done quite by hand anyway, if you do it on a far away deeply
buried box... Or not?

-Arne


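As an added illustration of the check Arne asks about above (not code from the thread or from FreeBSD), the following script audits the kern.random.sys.harvest.* sysctls and reports which entropy sources are switched off, so an administrator can verify the harvest settings before an rc.d script generates host keys. The input is sysctl output as text, so it can be run offline against a saved dump; the sample below is constructed, and every sysctl name in it other than kern.random.sys.harvest.ethernet (the one named in the thread) is assumed from memory of FreeBSD 5.x/6.x rather than taken from the page.

```shell
# Added example, not part of the original message. Audits kern.random.sys.harvest.*
# as printed by `sysctl kern.random` on FreeBSD 5.x/6.x ("name: value" per line).
# The sample dump is constructed; names other than harvest.ethernet are assumed.

SAMPLE_SYSCTL='kern.random.sys.seeded: 1
kern.random.sys.harvest.ethernet: 0
kern.random.sys.harvest.point_to_point: 1
kern.random.sys.harvest.interrupt: 1
kern.random.sys.harvest.swi: 0'

# Print the short names of harvest sources whose value is 0, one per line.
disabled_harvest_sources() {
    printf '%s\n' "$1" | awk -F': ' '
        $1 ~ /^kern\.random\.sys\.harvest\./ && $2 == "0" {
            sub(/^kern\.random\.sys\.harvest\./, "", $1); print $1
        }'
}

# Return 0 only if the pool reports itself seeded AND the ethernet source
# (the one the thread says is needed at boot) is enabled; otherwise return 1.
entropy_ready_for_keygen() {
    seeded=$(printf '%s\n' "$1" | awk -F': ' '$1 == "kern.random.sys.seeded" {print $2}')
    eth=$(printf '%s\n' "$1" | awk -F': ' '$1 == "kern.random.sys.harvest.ethernet" {print $2}')
    [ "$seeded" = "1" ] && [ "$eth" = "1" ]
}

# Live use on a FreeBSD box would be: disabled_harvest_sources "$(sysctl kern.random)"
disabled_harvest_sources "$SAMPLE_SYSCTL"
```

On the constructed sample the audit lists `ethernet` and `swi` as disabled, and entropy_ready_for_keygen fails, which is exactly the state in which key generation in rc.d/sshd should be postponed or the keys created ahead of time, as the thread suggests.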


