Re: dev/random warning on 10-STABLE after r292122 up till r292855
On Tue, Jan 5, 2016 at 2:00 PM, Peter Jeremy wrote: > On 2016-Jan-04 16:44:49 -0500, Mark Saad wrote: > >On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64. > > > >random device not loaded; using insecure entropy > > When I first noticed this, I investigated and worked out that it's > related to how the random device initialises itself and its data and > entropy sources. In particular, it reflects the state of the random > device at that point in time, not at any later point when random data > is actually requested. > > I agree that the wording of this message could unnecessarily alarm a > sysadmin and think it could be done better. IMHO, this sort of > alamist message should only be output if there is no decent entropy > source available when the random device is unblocked. > > -- > Peter Jeremy > Peter I agree it looks like its not really a big deal; what I cant find is what changed to make this even print out. The commits for this warning are from a long time ago. Off hand they are from 2014 or 2012. There were no changes to sys/dev/random in as much time; so I cant figure out what changed to make this even print out. -- mark saad | nones...@longcount.org ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: dev/random warning on 10-STABLE after r292122 up till r292855
On 2016-Jan-04 16:44:49 -0500, Mark Saad wrote: >On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64. > >random device not loaded; using insecure entropy When I first noticed this, I investigated and worked out that it's related to how the random device initialises itself and its data and entropy sources. In particular, it reflects the state of the random device at that point in time, not at any later point when random data is actually requested. I agree that the wording of this message could unnecessarily alarm a sysadmin and think it could be done better. IMHO, this sort of alamist message should only be output if there is no decent entropy source available when the random device is unblocked. -- Peter Jeremy signature.asc Description: PGP signature
Re: dev/random warning on 10-STABLE after r292122 up till r292855
On Tue, Jan 5, 2016 at 8:45 AM, Adam Vande More wrote: > On Mon, Jan 4, 2016 at 3:44 PM, Mark Saad wrote: > >> All >> At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64 >> starting at or about r292122 and still up till r292855. >> >> On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64. >> >> random device not loaded; using insecure entropy >> >> The full dmesg can be seen here >> http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871 >> >> I checked in svn and there are no recent changes to sys/dev/random . >> >> Does anyone have any insight into this ? >> > > It's more of an informational message about seeding the random number > generator. Probably man 4 random is the best explanation. > > > > -- > Adam > Adam Not sure why I didn't think of that, thanks for the pointer; I didn't see any change in the relevant default sysctls . On a 10-RELEASE box no warning [msaad@ny4-c108-nocbox ~]$ uname -a FreeBSD ny4-c108-nocbox 10.2-RELEASE-p7 FreeBSD 10.2-RELEASE-p7 #0: Mon Nov 2 14:19:39 UTC 2015 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 [msaad@ny4-c108-nocbox ~]$ sysctl kern.random kern.random.sys.harvest.swi: 1 kern.random.sys.harvest.interrupt: 1 kern.random.sys.harvest.point_to_point: 1 kern.random.sys.harvest.ethernet: 1 kern.random.sys.seeded: 1 kern.random.yarrow.slowoverthresh: 2 kern.random.yarrow.slowthresh: 128 kern.random.yarrow.fastthresh: 96 kern.random.yarrow.bins: 10 kern.random.yarrow.gengateinterval: 10 kern.random.live_entropy_sources: kern.random.active_adaptor: yarrow kern.random.adaptors: yarrow,dummy - On 10-STABLE with warning msaad@smokeping:~ % uname -a FreeBSD smokeping 10.2-STABLE FreeBSD 10.2-STABLE #0 r292855: Tue Dec 29 06:17:50 UTC 2015 r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 msaad@smokeping:~ % sysctl kern.random kern.random.sys.harvest.swi: 1 kern.random.sys.harvest.interrupt: 1 kern.random.sys.harvest.point_to_point: 1 kern.random.sys.harvest.ethernet: 1 kern.random.sys.seeded: 1 kern.random.yarrow.slowoverthresh: 2 kern.random.yarrow.slowthresh: 128 kern.random.yarrow.fastthresh: 96 kern.random.yarrow.bins: 10 kern.random.yarrow.gengateinterval: 10 kern.random.live_entropy_sources: kern.random.active_adaptor: yarrow kern.random.adaptors: yarrow,dummy -- mark saad | nones...@longcount.org ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: dev/random warning on 10-STABLE after r292122 up till r292855
On Mon, Jan 4, 2016 at 3:44 PM, Mark Saad wrote: > All > At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64 > starting at or about r292122 and still up till r292855. > > On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64. > > random device not loaded; using insecure entropy > > The full dmesg can be seen here > http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871 > > I checked in svn and there are no recent changes to sys/dev/random . > > Does anyone have any insight into this ? > It's more of an informational message about seeding the random number generator. Probably man 4 random is the best explanation. -- Adam ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: dev/random warning on 10-STABLE after r292122 up till r292855
Mark, > At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64 > starting at or about r292122 and still up till r292855. > random device not loaded; using insecure entropy I noticed this message a while back and again yesterday on my i386 which runs no modules, just a custom kernel (including "device random", of course) and dismissed it as a probable false positive error from not loading random.ko. 8< FreeBSD 10.2-STABLE #0: Mon Jan 4 00:48:15 EST 2016 a...@hal10001.halplant.net:/usr/obj/usr/src/sys/HAL10001 i386 FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512 CPU: Genuine Intel(R) CPU T2500 @ 2.00GHz (1995.04-MHz 686-class CPU) Origin="GenuineIntel" Id=0x6e8 Family=0x6 Model=0xe Stepping=8 Features=0xbfe9fbff Features2=0xc1a9 AMD Features=0x10 VT-x: HLT,PAUSE TSC: P-state invariant, performance statistics real memory = 4294967296 (4096 MB) avail memory = 3417825280 (3259 MB) Event timer "LAPIC" quality 400 ACPI APIC Table: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 random device not loaded; using insecure entropy 8< http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2873 -- -Andrew J. Caines- Unix Systems Engineer a.j.cai...@halplant.com "Machines take me by surprise with great frequency" - Alan Turing ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
dev/random warning on 10-STABLE after r292122 up till r292855
All At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64 starting at or about r292122 and still up till r292855. On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64. random device not loaded; using insecure entropy The full dmesg can be seen here http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871 I checked in svn and there are no recent changes to sys/dev/random . Does anyone have any insight into this ? -- mark saad | nones...@longcount.org ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"