Kevin Day wrote:
> Maybe sysinstall could be collecting entropy during the installation and
> use that for an initial seed if the timeout happens? It wouldn't be
> perfect, but it'd be better than killing ssh.
The patches you sent to implement this option didn't come through to the
mailing list,
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Day
> Sent: Tuesday, August 08, 2006 4:59 PM
> To: Doug Barton
> Cc: freebsd-security@freebsd.org
> Subject: Re: seeding dev/random in 5.5
>
Yes, the install I had to do in Amsterdam, translatin
On Aug 8, 2006, at 12:34 PM, Doug Barton wrote:
(if doing this from an unattended bootup, expecting the 300 second
timeout, I find that sshd does not start!)
I cannot imagine a scenario where a competent system administrator would do
a clean install on a machine, reboot it, and then just wal
Please note that in spite of my @freebsd.org address, I do not purport to
speak for the project here. That said, this isn't really a security@ issue,
it's more of a freebsd-stable@ issue, for future reference. And FYI, I'm
also combining two of your posts so that hopefully we can put this issue to
--- Michael Scheidell <[EMAIL PROTECTED]> wrote:
> This would affect the generic stock 5.5 install disk as well (it doesn't
> create new keys when it builds a virgin hard disk)
> If a user just hits return, there is no error message, no indication
> that /dev/random wasn't seeded.
>
> We have a bo
R. B. Riddick wrote:
> --- Michael Scheidell <[EMAIL PROTECTED]> wrote:
>
>> R. B. Riddick wrote:
>>
>>> Why do u believe, that /dev/random isn't seeded by networking?
>>>
>> because it isn't.
>> and pings aren't going to produce much random data.
>>
> Hmm... Interest
--- Michael Scheidell <[EMAIL PROTECTED]> wrote:
> R. B. Riddick wrote:
> > Why do u believe, that /dev/random isn't seeded by networking?
> >
> because it isn't.
> and pings aren't going to produce much random data.
>
Hmm... Interesting...
> it might feed it LATER, saving to /var/db/entropy,
R. B. Riddick wrote:
>>
> I was under the impression, that
> kern.random.sys.harvest.ethernet is 1 by default.
>
> That would mean, that ethernet traffic to that deeply buried box should feed
> that /dev/random until it is fat and round...
>
> Why do u believe, that /dev/random isn't
--- Michael Scheidell <[EMAIL PROTECTED]> wrote:
> R. B. Riddick wrote:
> > --- Michael Scheidell <[EMAIL PROTECTED]> wrote:
> >
> >>> I think that during the first reboot after a fresh install
> >>> the kern.random.sys sysctl settings are already orderly
> >>> before rc.d/sshd is called...
R. B. Riddick wrote:
> --- Michael Scheidell <[EMAIL PROTECTED]> wrote:
>
>>> I think that during the first reboot after a fresh install
>>> the kern.random.sys sysctl settings are already orderly
>>> before rc.d/sshd is called...
>>>
>>> If yes, then sending some pings should do the trick...
--- Michael Scheidell <[EMAIL PROTECTED]> wrote:
> > I think that during the first reboot after a fresh install
> > the kern.random.sys sysctl settings are already orderly
> > before rc.d/sshd is called...
> >
> > If yes, then sending some pings should do the trick... Or
> > not? I mean: NETWOR
> -Original Message-
> From: R. B. Riddick [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 08, 2006 4:12 AM
> To: Michael Scheidell; freebsd-security@freebsd.org
> Subject: Re: seeding dev/random in 5.5
>
> I think that during the first reboot after a fresh install
> the kern.random.sy
--- Michael Scheidell <[EMAIL PROTECTED]> wrote:
> I was doing some regression testing in 5.5: Specifically testing booting
> up a 'virgin' hard disk from a clean install.
>
> I was testing what happened if the 300 second timeout happened vs
> hitting for 'fast+insecure' startup and punching in a