On Tue, Apr 02, 2013, Xin LI wrote:
> Author: delphij
> Date: Tue Apr 2 23:41:20 2013
> New Revision: 249035
> URL: http://svnweb.freebsd.org/changeset/base/249035
>
> Log:
>   Replace access to /dev/random with the kernel pseudo-random number
>   source sysctl(KERN_ARND) and remove the fallback code.

Thanks. I wanted to do this several years ago. Incidentally, the reason I didn't is that I had some concerns about sysctl(KERN_ARND) not being sufficiently fail-safe. There were a couple of issues, but the main one was that if something in the kernel asked for a random number before the random device was loaded, the result was not-so-random numbers. Furthermore, since the generator was seeded at that point, it continued to give out not-so-random numbers for some time. I added the following log message in the problematic case:

    "random device not loaded; using insecure entropy"

According to a Google search, I'm not the only person to have triggered it. (I hit it because I dynamically link most drivers, including random.ko. I'm not sure about the others.)

I think your patch is good, but the kernel-side issues probably bear some investigation.