>> > No amount of uptime and activity was increasing the entropy in my
>> > system before I patched it.
>>
>> As I understand it, entropy was being contributed. What wasn't
>> happening was the random driver code recognizing and acknowledging that
>> entropy, because it had no way to tell how much of it there really was.
>
> Clearly there was no entropy being contributed in any way shape or form.

Well. That depends on what you mean by "entropy".

Samples are still being collected and mixed into the pool from your
listed sources. By your statement, that should have contributed some
"randomness" into the pool, some might call this "entropy".

However, since the quality of those samples is unknown, and there is
no reliable model to estimate the actual quality of those samples,
they are in NetBSD-current not being counted as contributing to the
"entropy estimate" counter. That is by design: the entropy estimation
is now quite conservative, as you have noticed.

I also presented a workaround for this problem; if you are reasonably
certain that you actually have mixed in a sufficient number of bits of
sufficient quality into the randomness pool (see "rndctl -l -v"), you
can do

  # dd if=/dev/urandom of=/dev/random count=1

since if this is done by root, it counts as the "/dev/random" source,
and the bits fed in there by root are counted 1:1 as contributing to
the entropy estimate. After this, your system will not block anymore
reading on /dev/random, and this state of affairs will be preserved
across reboots as long as you save and restore the entropy pool on
reboot. (Which, admittedly, requires r/w storage for the relevant
file/directory, ref. your other ongoing thread.)

> I told the system to "count" the entropy being gathered by the
> appropriate driver(s), but it was being ignored entirely.

Well, you are now counting bitstrings of unknown and perhaps dubious
quality as contributing 1:1 to the "entropy estimate". It's by design
that we don't do that anymore.

> After my fix the system behaved as I told it to.

But now with perhaps questionable estimation of the actual entropy
sitting in your pool.

Regards,

- Håvard