Re: randomdev entropy gathering is really weak

[Maxim Sobolev]

Mark Murray wrote:

> > > I agree that it is not (very) random; however cclock jitter and keystroke
> > > timing can help thwart the bad guys...
> >
> > But do please keep in mind that many of my FreeBSD platforms have neither
> > keyboard or mouse.  And for the ones that do, they tend not to get used
> > until long after the system boots.  It's essential that the randomness
> > harvesting also be driven off of other events, such as network interface
> > or storage system interrupts for these environments.
>
> Agreed. I have already committed a "persistent" entropy cache that
> reseeds the random device on reboot.
>

You may also want to extend /etc/crontab to periodically save entropy. This would
help if something unexpected like halt(8) or panic(9) happened.

-Maxim






To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message