On Thu, 26 Oct 2000, Poul-Henning Kamp wrote:
> I don't really care that much how good my random bits are right after
> boot, but I do care about my machine coming up quickly.

I don't know about that, look at your boot logs:

Oct 26 17:32:19 catalyst /boot/kernel/kernel: Copyright (c) 1992-2000 The FreeBSD Project.
Oct 26 17:32:19 catalyst /boot/kernel/kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Oct 26 17:32:23 catalyst sshd[193]: Generating 768 bit RSA key.
Oct 26 17:32:23 catalyst sshd[193]: RSA key generation complete.

Those times aren't correct I'm sure, but if I can't get enough entropy for
a 768 bit key _very soon_ after boot, we could have a problem.
Somehow, I think everyone should care about that.

>
> Add a /etc/rc.conf knob which says
>
> wait_until_entropy_collected=YES

Why not be secure by default and have

i_dont_care_about_entropy=NO

--
_ __ ___ ____ ___ ___ ___
Wesley N Morgan _ __ ___ | _ ) __| \
[EMAIL PROTECTED] _ __ | _ \._ \ |) |
FreeBSD: The Power To Serve _ |___/___/___/
6bone: 3ffe:1ce3:7::b4ff:fe53:c297
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!