Re: No /boot/loader

In message <[EMAIL PROTECTED]> Leif Neland writes: : : : On Thu, 20 Jul 2000, Warner Losh wrote: : : > In message <[EMAIL PROTECTED]> Leif :Neland writes: : > : Just to be on the safe side, is there a simple way to see if a disk is : > : dedicated? : > : > fdisk -s ad0 : > : > If there's a

Re: No /boot/loader

On Thu, 20 Jul 2000, John Baldwin wrote: > No, that's wrong, too. A normal disk has a proper slice table (slices start > on cylinder boundaries and do not contain the MBR, thus leaving the first track > cylinder unused). A truly dedicated disk (disklabel auto ) uses a track > ... > at al

Re: kernel compile failure without -O option

On Wed, 19 Jul 2000, John Polstra wrote: > In article <[EMAIL PROTECTED]>, > Hellmuth Michaelis <[EMAIL PROTECTED]> wrote: > > > > In the process of tracing down the problem of the kernel panic when booting > > a kernel with pcvt enabled, i tried to compile a kernel without the -O > > option to

Re: randomdev entropy gathering is really weak

On Tue, 18 Jul 2000, Dan Moschuk wrote: > Well, how many other OSs out there allow /dev/random to be written to? FreeBSD, OpenBSD, NetBSD, Linux... Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <[EMAIL PROTECTED]> To Unsubscribe: send mail

Re: randomdev entropy gathering is really weak

On Tue, 18 Jul 2000, Dan Moschuk wrote: > | Gotcha - fix coming; I need to stash some randomness at shutdown time, and > | use that to reseed the RNG at reboot time. > > What about saving the state of the RNG and re-reading it on bootup? That > will allow Yarrow to continue right where it left

Re: randomdev entropy gathering is really weak

On Wed, 19 Jul 2000, George Michaelson wrote: > Where for instance do these ideas fit into the models proposed in > > draft-eastlake-randomness2-00.txt > > or the proceeding RFC? Well, Yarrow is an algorithm which is intended to provide a robust and secure source of cryptographic-stren

RSA problem with SSH ...

Just upgraded to the newest -current, and now can't use SSH: ssh: no RSA support in libssl and libcrypto. See ssl(8). Tried to read the 'ssl(8)' man page, but it comes back as: > man 8 ssl No entry for ssl in section 8 of the manual > man ssl No manual entry for ssl > Did mergemaster and saw

RE: RSA problem with SSH ...

Hi I had the same problem ... but in my case I did not have the RANDOMDEV compiled in ... so I loaded the kld and whala ... it worked ... Try loading the KLD .. also check that the lib's actually do include the RSA stuff (nm | grep RSA ) might help. Reinier On 21-Jul-00 The Hermit Hacker w

Re: RSA problem with SSH ...

Thus spake The Hermit Hacker ([EMAIL PROTECTED]): > Just upgraded to the newest -current, and now can't use SSH: > ssh: no RSA support in libssl and libcrypto. See ssl(8). options RANDOMDEV into kernel, or load randomdev.ko That solved it for me (though you mentioned it). I'M USA_RESIDENT=NO,

Re: RSA problem with SSH ...

Great ... I added RANDOMDEV to the wrong kernel config file :( Thanks, fixed now ... On Fri, 21 Jul 2000, Alexander Langer wrote: > Thus spake The Hermit Hacker ([EMAIL PROTECTED]): > > > Just upgraded to the newest -current, and now can't use SSH: > > ssh: no RSA support in libssl and lib

Re: randomdev entropy gathering is really weak

> > What about saving the state of the RNG and re-reading it on bootup? That > > will allow Yarrow to continue right where it left off. :-) > > That's a bad thing. You don't want someone to be able to examine the exact > PRNG state at next boot by looking at your hard disk after the machine has

Current broken in ncurses ?

Am I the only one with this ? cc -O -pipe -I. -I/src/src/lib/libncurses -I/src/src/lib/libncurses/../../contrib/ncurses/ncurses -I/src/src/lib/libncurses/../../contrib/ncurses/include -Wall -DFREEBSD_NATIVE -DNDEBUG -DHAVE_CONFIG_H -DTERMIOS -I/net/nas/roberto/sidhe/src/src/i386/usr/include -

ncurses breakage

Never mind. cvs wasn't apparently able to "cvs update" correctly and I was using the old Makefile. Weird. -- Ollivier ROBERT -=- Eurocontrol EEC/ITM -=- [EMAIL PROTECTED] The Postman hits! The Postman hits! You have new mail. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe free

Re: make kernel breakage: if_tap

On Fri, Jul 21, 2000 at 07:36:46 +0200, Leif Neland wrote: > Just cvsupped: > > Script started on Fri Jul 21 07:12:56 2000 CEST > gina/usr/src/sys/compile/GINA # make clean > ... > ===> if_tap > cd: can't cd to /usr/src/sys/modules/if_tap Here too. src/sys/modules/if_tap is a completely empty di

Re: randomdev entropy gathering is really weak

| > | Gotcha - fix coming; I need to stash some randomness at shutdown time, and | > | use that to reseed the RNG at reboot time. | > | > What about saving the state of the RNG and re-reading it on bootup? That | > will allow Yarrow to continue right where it left off. :-) | | That's a bad thi

OT: Praise to all you guys!

I just wanted to send this message to -current since I know that you "-current" developers were the ones primarily responsible for 4-STABLE. I just recently upgraded my primary box here from 3.5-STABLE to 4.0-R -> 4.1-RC and notice tons and tons more "snappyness" with the box. It boots faster, I

Re: randomdev entropy gathering is really weak

Mark Murray wrote: > > > > What about saving the state of the RNG and re-reading it on bootup? That > > > will allow Yarrow to continue right where it left off. :-) > > > > That's a bad thing. You don't want someone to be able to examine the exact > > PRNG state at next boot by looking at your h

Re: randomdev entropy gathering is really weak

Dan Moschuk wrote: > > | > | Gotcha - fix coming; I need to stash some randomness at shutdown time, and > | > | use that to reseed the RNG at reboot time. > | > > | > What about saving the state of the RNG and re-reading it on bootup? That > | > will allow Yarrow to continue right where it left

Re: No /boot/loader

Bruce Evans wrote: > On Thu, 20 Jul 2000, John Baldwin wrote: > > > No, that's wrong, too. A normal disk has a proper slice table (slices start > > on cylinder boundaries and do not contain the MBR, thus leaving the first > track > > cylinder unused). A truly dedicated disk (disklabel auto

Re: randomdev entropy gathering is really weak

Jeroen C. van Gelderen wrote: > Dan Moschuk wrote: > > > > I don't see how. If the attacker has physical access to the machine, there > > are plenty worse things to be done than just reading the state of a PRNG. > > > > If the random device is initialized in single user mode, and the file is >

Locale issues on -current

I installed a recent snapshot of -current (a week ago) and I keep getting the following warnings: [vshah@vorpal] /etc> perl perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LC_ALL = (unset), LC_CTYPE = "en_US", LANG = (unset)

Re: randomdev entropy gathering is really weak

> > It is a Yarrow-mandated procedure. Please read the Yarrow paper. > > Actually, it's not. You don not want to save the exact > PRNG state to disk, ever. It's not Yarrow mandated > procedure but a big security hole. Section 2.1, last paragraph: "If a system is shut down, and restarted, it i

Re: randomdev entropy gathering is really weak

> You generate a new PGP keypair and start using it. Your > co-worker reboots your machine afterwards and recovers > the PRNG state that happens to be stashed on disk. He > can then backtrack and potentially recover the exact same > random numbers that you used for your key. Said state is rm'me

Re: Current broken in ncurses ?

On Fri, 21 Jul 2000, Ollivier Robert wrote: > Am I the only one with this ? > > cc -O -pipe -I. -I/src/src/lib/libncurses >-I/src/src/lib/libncurses/../../contrib/ncurses/ncurses >-I/src/src/lib/libncurses/../../contrib/ncurses/include -Wall -DFREEBSD_NATIVE >-DNDEBUG -DHAVE_CONFIG_H -DTERMIO

Re: OT: Praise to all you guys!

On Fri, 21 Jul 2000, John Reynolds wrote: > Bravo, congrats, and many thanks to all developers minor or major You have no idea how nice it is to hear GOOD news for a change. Thank you for taking the time. Glad you're enjoying it, Doug -- "Live free or die"

Re: randomdev entropy gathering is really weak

On Fri, 21 Jul 2000, Mark Murray wrote: : :Sure; we neet to be appropriately paranoid about that, but let's not :get ridiculous. The seed file could certainly use some decent protection, :but unfortunately, PC architectures don't come with SIMcards or the like. : Is it possible to combine the st

Journaling Filesystem ?

Hello. I was wondering if there is any work on a Journaling filesystem to possible replace, or as an alternative to UFS. I have been following ReiserFS for Linux quite closely, and I have had the chance to experiment with it. It seems to be coming along nicely and the performance is great. Are

Re: randomdev entropy gathering is really weak

> :Sure; we neet to be appropriately paranoid about that, but let's not > :get ridiculous. The seed file could certainly use some decent protection, > :but unfortunately, PC architectures don't come with SIMcards or the like. > : > > Is it possible to combine the state of the disk based seed with

Journaling Filesystem ?

< said: > Are there plans for something along this line for FreeBSD? Is there a > project underway? No. Soft Updates provides most of the benefits without requiring changes to the on-disk layout. See . -GAWollman To Unsubscribe: send mail to [EM

Re: Journaling Filesystem ?

I have been using softupdates since 3.x. It works pretty well - but recovery was not as good as ReiserFS - so far. I didn't quite catch what the improvements that are underway for current. What is the difference between a journal and a snapshot? Tom Veldhouse [EMAIL PROTECTED] - Original

RE: randomdev entropy gathering is really weak

> You generate a new PGP keypair and start using it. Your > co-worker reboots your machine afterwards and recovers > the PRNG state that happens to be stashed on disk. He > can then backtrack and potentially recover the exact same > random numbers that you used for your key. If that is

DHCP client problem?

Something changed very recently in the dhcp client stuff that seems to have broke my -current machine's ability to be a dhcp client. The symptom is that I see ifconfig: netmask 255.255.255.224: bad value come out of the script invocation, and the ip address does not get set. If I echo out the

missing idea.h ... ?

Just tried to compile kde2 after upgrading to the latest 5.0-CURRENT and its reporting: In file included from /usr/include/openssl/pem.h:66, from /usr/include/openssl/ssl.h:147, from https.cc:42: /usr/include/openssl/evp.h:99: openssl/idea.h: No such file or dir

Re: randomdev entropy gathering is really weak

On Fri, 21 Jul 2000, Mark Murray wrote: > Section 2.1, last paragraph: > "If a system is shut down, and restarted, it is desirable to store some > high-entropy data (such as the key) in non-volatile memory. This allows > the PRNG to be restarted in an unguessable state at the next restart. We > c

Re: randomdev entropy gathering is really weak

On Fri, 21 Jul 2000, Mark Murray wrote: > If you are worried about someone reading the disk of a rebooting box, > then you need to be worried about console access; if your attacker has > console, you are screwed anyway. For most people, yes. But it's like all of the buffer overflows in non-setui

Re: missing idea.h ... ?

orld', but should not having that cause a problem? I don't encounter such problems in my KDE 2721 builds. I build on 4.1-RC with full OpenSSL sources. BTW: I should have a webpage/ftpsite etc. ready for port test builds tomorrow.. bug me if it's not announced soon. 8) -- Will An

Re: missing idea.h ... ?

gt; it ... I just set 'MAKE_IDEA' in my make.conf and am doing a new 'make > > world', but should not having that cause a problem? > > I don't encounter such problems in my KDE 2721 builds. I build on > 4.1-RC with full OpenSSL sources. I just finished a

Re: (noperiph:ahc0:0:-1:-1): ... error

In servalan.mailinglist.fbsd-current you write: >I am trying to run a recent (as of today) and am seeing the following >error when I try to boot:: >(noperiph:ahc0:0:-1:-1): SCSI bus reset delivered. 0 SCBs aborted. >panic: Bogus resid sgptr value 0xbd68609 >(I copied this from the console after

Re: (noperiph:ahc0:0:-1:-1): ... error

You'll have to raise issue on freebsd-scsi. I sent the likely owner of the issue mail, but they don't monitor -current. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message

RE: randomdev entropy gathering is really weak

On Fri, 21 Jul 2000, David Schwartz wrote: > > You generate a new PGP keypair and start using it. Your > > co-worker reboots your machine afterwards and recovers > > the PRNG state that happens to be stashed on disk. He > > can then backtrack and potentially recover the exact same > > random numb

Re: OT: Praise to all you guys!

[ On Friday, July 21, Doug Barton wrote: ] > > You have no idea how nice it is to hear GOOD news for a > change. yes I do ... :) ... I work in a semi-support role at work where I hear lots of "it's broken" complaints. I know how frustrating it gets sometimes. > Thank you for taking the t

Re: randomdev entropy gathering is really weak

On Fri, 21 Jul 2000, Kris Kennaway wrote: > > Section 2.1, last paragraph: > > "If a system is shut down, and restarted, it is desirable to store some > > high-entropy data (such as the key) in non-volatile memory. This allows > > the PRNG to be restarted in an unguessable state at the next resta