On Thursday, 20 September 2012 at 11:21, Pawel Jakub Dawidek wrote:
> It would be ideal if we could provide properly seeded PRNG even for
> single-user mode, so eliminating initrandom altogether is also an
> option

Amen to that. :)

As I believe theraven@ pointed out a couple of days ago: it is very silly indeed that we are taking data generated by the kernel (process table) based on presumed-pseudorandom inputs, passing it to userspace, turning it into text (via ps), hashing that text and then passing it *back* to the kernel in order to stir into the entropy pool that we could instead just build from actually-fairly-random information like device_attach() times.

Jon
--
Jonathan Anderson
jonat...@freebsd.org
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"