| Subject: | Re: entropy reseeding is totally broken | |
|---|---|---|
| From: | Mark Murray (ma...@grondar.za) | |
| Date: | Oct 26, 2000 3:56:19 pm | |
| List: | org.freebsd.freebsd-current | |
Hi
Very wonderful ideas! It will take me a bit of time to implement this cleanly as I am not close enough to my Prime Development Platform, but I will do something as soon as possible. Consider it to be not less than two weeks, unless someone submits patches first.
:-)
M
:There is the problem that for each setup, there are many admins who
:will have a non-writable filespace for at least one of (/ /var /boot /etc).
:
:Sure, there may not be a $PRIMARYSWAP, but if there is, it is IMO the best
:place to put stashed entropy.
/etc/rc already assumes that /var is writable. I recommend that you make that assumption by default... have the default entropy file be something like "/var/db/entropy_seed" and allow the administrator to override it with an RC variable. You could allow the administrator to select a different entropy file and you could have another RC variable which allows the administrator to set a command which, when executed, returns an arbitrary sequence of bytes on its stdout to initialize entropy with.
defaults (in /etc/defaults/rc.conf) (this is an example)
    entropy_file="/var/db/entropy_seed"
    entropy_program="/sbin/gather_entropy -time -hostname -rootstatfs"
    entropy_file_mode="RW"
Example override:
    entropy_file="NO"
    entropy_program="/usr/local/bin/my_special_entropy_program"
Another example override:
    # seed with read-only entropy file and then gather additional
    # entropy from other sources, like the time.
    #
    entropy_file_mode="RO"
    entropy_program="/sbin/gather_entropy -network -time -keyboard_if_insufficient"
etc...
This would give us maximum flexibility, yet provide suitable defaults for most sysinstall-based configurations. For example, this gives you the ability to write an /sbin utility to do the more complex (or more secure) entropy gathering as part of the boot process and then allow the administrator to specify it with appropriate options to suit his tastes, rather than having to build it into the kernel.
Your /sbin program could deal with things like using swap instead of an entropy file and so forth. I think if you did things this way it would remove virtually all the pain developers are feeling from the current state of affairs.
:> lot happier.
:
::-) I'd like your suggestion a lot more if you supplied some more concrete
:hints. I like KISS, and current evolution is looking a little weird. I'd
:enjoy seeing a true/beautiful/simple solution - patches welcome. :-)
:
:M
See above.
-Matt
:--
:Mark Murray
:Join the anti-SPAM movement: http://www.cauce.org
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
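
The rc-variable scheme proposed in the quoted message (`entropy_file`, `entropy_file_mode`, `entropy_program`), sketched as a POSIX sh function. This is an added example, not code from the thread or from FreeBSD's /etc/rc. The function name `seed_entropy`, the `ENTROPY_SINK` and `ENTROPY_SOURCE` variables, the 512-byte seed size and the refresh-at-boot step are assumptions.

```shell
#!/bin/sh
# Added sketch, not FreeBSD's rc code. The three settings are the ones proposed
# in the mail; seed_entropy, ENTROPY_SINK and ENTROPY_SOURCE are assumptions.
ENTROPY_SINK="${ENTROPY_SINK:-/dev/random}"       # assumed: writes here seed the pool
ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}"  # assumed: source for the next seed
SEED_BYTES=512

seed_entropy() {
    # $1 = entropy_file, $2 = entropy_file_mode (RW or RO), $3 = entropy_program
    file="$1"; mode="${2:-RW}"; prog="$3"; fed=1
    case "$file" in NO|"") file="" ;; esac        # "NO" disables the seed file

    if [ -n "$file" ] && [ -s "$file" ]; then
        cat "$file" >> "$ENTROPY_SINK" && fed=0
    fi

    if [ -n "$prog" ] && [ "$prog" != "NO" ]; then
        # stdout of the program is the seed material. $prog is left unquoted
        # on purpose: the setting carries the program's own options.
        if $prog >> "$ENTROPY_SINK"; then
            fed=0
        else
            echo "entropy: '$prog' failed" >&2
        fi
    fi

    if [ -n "$file" ] && [ "$mode" = "RW" ]; then
        # Replace the seed during boot, so a crash before shutdown cannot
        # replay the same bytes next time. Build it in a 0600 temp file and
        # rename, so the seed is never world-readable or half-written.
        ( umask 077
          rm -f "$file.new"
          dd if="$ENTROPY_SOURCE" of="$file.new" bs="$SEED_BYTES" count=1 2>/dev/null &&
          mv -f "$file.new" "$file" ) || echo "entropy: cannot refresh $file" >&2
    fi

    [ "$fed" -eq 0 ] || echo "entropy: nothing was fed to $ENTROPY_SINK" >&2
    return "$fed"
}
```

The function returns non-zero when neither the file nor the program supplied anything, so a calling rc script can log or act on an unseeded boot.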