> > I agree that it is not (very) random; however clock jitter and keystroke
> > timing can help thwart the bad guys...
> 
> But do please keep in mind that many of my FreeBSD platforms have neither
> keyboard nor mouse.  And for the ones that do, they tend not to get used
> until long after the system boots.  It's essential that the randomness
> harvesting also be driven off of other events, such as network interface
> or storage system interrupts for these environments.

Agreed. I have already committed a "persistent" entropy cache that
reseeds the random device on reboot.

> In fact, it would be rather interesting to have a configuration flag which
> always forces something like an fsck on a file system in order to provide
> some entropy to the random device.  Or some other user-exposed way of
> providing entropy.  I might have some data on disk, or some network
> operations which can be performed to help seed the entropy pool.

I'm (er, phk is) looking at hooking namei() in some way.

I'm also going to hook the networking stack.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
