Re: dev/random warning on 10-STABLE after r292122 up till r292855

2016-01-05 Thread Mark Saad
On Tue, Jan 5, 2016 at 2:00 PM, Peter Jeremy  wrote:

> On 2016-Jan-04 16:44:49 -0500, Mark Saad  wrote:
> >On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.
> >
> >random device not loaded; using insecure entropy
>
> When I first noticed this, I investigated and worked out that it's
> related to how the random device initialises itself and its data and
> entropy sources.  In particular, it reflects the state of the random
> device at that point in time, not at any later point when random data
> is actually requested.
>
> I agree that the wording of this message could unnecessarily alarm a
> sysadmin and think it could be done better.  IMHO, this sort of
> alarmist message should only be output if there is no decent entropy
> source available when the random device is unblocked.
>
> --
> Peter Jeremy
>

Peter
 I agree it looks like it's not really a big deal; what I can't find is what
changed to make this even print out. The commits for this warning are from
a long time ago. Off hand they are from 2014 or 2012. There were no changes
to sys/dev/random in as much time; so I can't figure out what changed to
make this even print out.


-- 
mark saad | nones...@longcount.org
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: dev/random warning on 10-STABLE after r292122 up till r292855

2016-01-05 Thread Peter Jeremy
On 2016-Jan-04 16:44:49 -0500, Mark Saad  wrote:
>On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.
>
>random device not loaded; using insecure entropy

When I first noticed this, I investigated and worked out that it's
related to how the random device initialises itself and its data and
entropy sources.  In particular, it reflects the state of the random
device at that point in time, not at any later point when random data
is actually requested.

I agree that the wording of this message could unnecessarily alarm a
sysadmin and think it could be done better.  IMHO, this sort of
alarmist message should only be output if there is no decent entropy
source available when the random device is unblocked.

-- 
Peter Jeremy




Re: dev/random warning on 10-STABLE after r292122 up till r292855

2016-01-05 Thread Mark Saad
On Tue, Jan 5, 2016 at 8:45 AM, Adam Vande More 
wrote:

> On Mon, Jan 4, 2016 at 3:44 PM, Mark Saad  wrote:
>
>> All
>>  At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64
>> starting at or about r292122  and still up till r292855.
>>
>> On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.
>>
>> random device not loaded; using insecure entropy
>>
>> The full dmesg can be seen here
>> http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871
>>
>> I checked in svn and there are no recent changes to sys/dev/random .
>>
>> Does anyone have any insight into this ?
>>
>
> It's more of an informational message about seeding the random number
> generator.  Probably man 4 random is the best explanation.
>
>
>
> --
> Adam
>

Adam
  Not sure why I didn't think of that, thanks for the pointer;  I didn't
see any change in the relevant default sysctls .

On a 10-RELEASE box no warning

[msaad@ny4-c108-nocbox ~]$ uname -a
FreeBSD ny4-c108-nocbox 10.2-RELEASE-p7 FreeBSD 10.2-RELEASE-p7 #0: Mon
Nov  2 14:19:39 UTC 2015
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
amd64
[msaad@ny4-c108-nocbox ~]$ sysctl kern.random
kern.random.sys.harvest.swi: 1
kern.random.sys.harvest.interrupt: 1
kern.random.sys.harvest.point_to_point: 1
kern.random.sys.harvest.ethernet: 1
kern.random.sys.seeded: 1
kern.random.yarrow.slowoverthresh: 2
kern.random.yarrow.slowthresh: 128
kern.random.yarrow.fastthresh: 96
kern.random.yarrow.bins: 10
kern.random.yarrow.gengateinterval: 10
kern.random.live_entropy_sources:
kern.random.active_adaptor: yarrow
kern.random.adaptors: yarrow,dummy


-
On 10-STABLE with warning

msaad@smokeping:~ % uname -a
FreeBSD smokeping 10.2-STABLE FreeBSD 10.2-STABLE #0 r292855: Tue Dec 29
06:17:50 UTC 2015
r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
amd64
msaad@smokeping:~ % sysctl kern.random
kern.random.sys.harvest.swi: 1
kern.random.sys.harvest.interrupt: 1
kern.random.sys.harvest.point_to_point: 1
kern.random.sys.harvest.ethernet: 1
kern.random.sys.seeded: 1
kern.random.yarrow.slowoverthresh: 2
kern.random.yarrow.slowthresh: 128
kern.random.yarrow.fastthresh: 96
kern.random.yarrow.bins: 10
kern.random.yarrow.gengateinterval: 10
kern.random.live_entropy_sources:
kern.random.active_adaptor: yarrow
kern.random.adaptors: yarrow,dummy



-- 
mark saad | nones...@longcount.org
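
A triage sketch for the comparison in the message above and for Peter Jeremy's point that the warning reflects boot-time state (added example, not part of the thread): it checks the boot log for the warning and reads the current `kern.random.sys.seeded` and `kern.random.active_adaptor` values. The function names, verdict labels and sample input are hypothetical; the sample is constructed from lines quoted in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdict labels are hypothetical.
WARNING='random device not loaded; using insecure entropy'

# Print the value of KEY from "key: value" lines as printed by sysctl(8).
sysctl_value() {
    printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2; exit }'
}

# triage_random DMESG_TEXT SYSCTL_TEXT
# On a live host: triage_random "$(dmesg)" "$(sysctl kern.random)"
triage_random() {
    seeded=$(sysctl_value "$2" kern.random.sys.seeded)
    adaptor=$(sysctl_value "$2" kern.random.active_adaptor)
    adaptor=${adaptor:-none}
    if printf '%s\n' "$1" | grep -qF "$WARNING"; then warned=yes; else warned=no; fi
    case "$seeded" in
        1) state=seeded ;;
        0) state=unseeded ;;
        *) state=unknown ;;
    esac
    # Assumption: seeded=1 with a real (non-dummy) adaptor is treated as healthy.
    if [ "$state" = seeded ] && [ "$adaptor" != dummy ] && [ "$adaptor" != none ]; then
        if [ "$warned" = yes ]; then verdict=boot-time-only; else verdict=ok; fi
    else
        verdict=investigate
    fi
    printf 'warned=%s state=%s adaptor=%s verdict=%s\n' \
        "$warned" "$state" "$adaptor" "$verdict"
}

# Constructed sample input, assembled from lines quoted in this thread.
SAMPLE_DMESG='FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
random device not loaded; using insecure entropy'
SAMPLE_SYSCTL='kern.random.sys.seeded: 1
kern.random.live_entropy_sources:
kern.random.active_adaptor: yarrow
kern.random.adaptors: yarrow,dummy'

triage_random "$SAMPLE_DMESG" "$SAMPLE_SYSCTL"
```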


Re: dev/random warning on 10-STABLE after r292122 up till r292855

2016-01-05 Thread Adam Vande More
On Mon, Jan 4, 2016 at 3:44 PM, Mark Saad  wrote:

> All
>  At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64
> starting at or about r292122  and still up till r292855.
>
> On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.
>
> random device not loaded; using insecure entropy
>
> The full dmesg can be seen here
> http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871
>
> I checked in svn and there are no recent changes to sys/dev/random .
>
> Does anyone have any insight into this ?
>

It's more of an informational message about seeding the random number
generator.  Probably man 4 random is the best explanation.



-- 
Adam


Re: dev/random warning on 10-STABLE after r292122 up till r292855

2016-01-04 Thread Andrew J. Caines
Mark,
>  At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64
> starting at or about r292122  and still up till r292855.
> random device not loaded; using insecure entropy

I noticed this message a while back and again yesterday on my i386 which
runs no modules, just a custom kernel (including "device random", of
course) and dismissed it as a probable false positive error from not
loading random.ko.

8<
FreeBSD 10.2-STABLE #0: Mon Jan  4 00:48:15 EST 2016
a...@hal10001.halplant.net:/usr/obj/usr/src/sys/HAL10001 i386
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: Genuine Intel(R) CPU   T2500  @ 2.00GHz (1995.04-MHz
686-class CPU)
  Origin="GenuineIntel"  Id=0x6e8  Family=0x6  Model=0xe  Stepping=8

Features=0xbfe9fbff
  Features2=0xc1a9
  AMD Features=0x10
  VT-x: HLT,PAUSE
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 3417825280 (3259 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
random device not loaded; using insecure entropy
8<

http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2873

-- 
-Andrew J. Caines-   Unix Systems Engineer   a.j.cai...@halplant.com
  "Machines take me by surprise with great frequency" - Alan Turing


dev/random warning on 10-STABLE after r292122 up till r292855

2016-01-04 Thread Mark Saad
All
 At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64
starting at or about r292122  and still up till r292855.

On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.

random device not loaded; using insecure entropy

The full dmesg can be seen here
http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871

I checked in svn and there are no recent changes to sys/dev/random .

Does anyone have any insight into this ?



-- 
mark saad | nones...@longcount.org