On 26-Oct-00 Rod Taylor wrote:
> Doug Barton wrote:
>>
>> Wesley Morgan wrote:
>> >
>> > I'm not knocking anyone or any code, especially considering this IS
>> > -current... BUT... I don't need to read the code to know that I am seeing
>> > the same fortunes on first login after reboot more often than I can
>> > attribute to random chance. Maybe nanotime is being harvested, but it
>> > seems that there is a time lag between system startup and reaching a state
>> > of "true pseudo-entropy". Also, every reboot has entropy caching failing
>> > to work. I don't know if this is a product of the broken reseeding or
>> > what, because the /etc/rc files seem to be fine.
>>
>> How exactly are you rebooting? If you're using the 'reboot' command,
>> that explains why entropy reseeding is not working. As has been
>> discussed several times on -current, you only run rc.shutdown if you use
>> another method, like 'shutdown -r now', 'init 6', or even the trust
>> three-finger salute.
>
> How about when I hit the reset button? That case SHOULD be taken care
> of too! Would it not be possible to sample /dev/random to store the
> entropy every hour or so that the system runs? Atleast that way you
> would be guarenteed to have something.
And if a malicious user on your machine grabs the saved entropy file
and then reboots your machine using some exploit of some sort? Granted
neither of these tasks may be easy, and it could be done in such a way
that the first requires root access.
--
John Baldwin <[EMAIL PROTECTED]> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
