Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 13 Jan 2001 09:53:57 +0200
From:      Mark Murray <mark@grondar.za>
To:        Warner Losh <imp@harmony.village.org>
Cc:        Matt Dillon <dillon@earth.backplane.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh 
Message-ID:  <200101130754.f0D7s2I19423@gratis.grondar.za>
In-Reply-To: <200101112233.f0BMXas75362@harmony.village.org> ; from Warner Losh <imp@harmony.village.org>  "Thu, 11 Jan 2001 15:33:36 MST."
References:  <200101112233.f0BMXas75362@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
> Well, I believe that this patch that would solve the dependency
> issues.  I didn't solve the /var/db/entropy was hard wired issues,
> however, but that can be dealt with separately.

Ok...

> +date > /dev/random 2> /dev/random
> +cat /bin/ls > /dev/random 2> /dev/random

Why are you doing this? Why not just make the /dev/random device
non-blocking-at-boot?

Also, /bin/ls is a constant, and `date` is so close to a constant
that you may as well make the above

+ echo "sooper seekrit password" > /dev/random

... for effectively the same result and a tiny increase in speed.

> +	if [ -w /dev/random ]; then
> +		if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \
> +		    -s "${entropy_file}" ]; then
> +			echo "Using ${entropy_file} as an entropy file"
> +			cat ${entropy_file} > /dev/random 2> /dev/random
> +		elif [ "${entropy_file}" != /var/db/entropy -a \
> +		    -f /var/db/entropy -a -r /var/db/entropy -a \
> +		    -s /var/db/entropy ]; then
> +			echo 'Using /var/db/entropy as an entropy file'
> +			cat /var/db/entropy > /dev/random 2> /dev/random
> +		else

What about multiple entropy files? There are edge cases (crashes, hung
reboots etc) where the entropy file might be zero-length. Having multiple
files makes it a lot more secure (That was the point of Doug B's
/.entropy directory).

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101130754.f0D7s2I19423>