Re: seeding dev/random in 5.5

Board: FB_security, Time: 2006/08/08 22:16
--- Michael Scheidell <scheidell@secnap.net> wrote:

> R. B. Riddick wrote:
> > Why do u believe, that /dev/random isn't seeded by networking?
> >
> >
> because it isn't.
> and pings aren't going to produce much random data.
>
Hmm... Interesting...

> it might feed it LATER, saving to /var/db/entropy, but when the system
> is booted, and there are no keys in /etc/ssh and rc.d/sshd tried to
> generate enough to feed to /dev/random, it doesn't
>
Hopefully... I was under the impression, that new "random" events are
gathered continuously in order to create an always good source of
random ...

> I can reproduce it 100% of the time, every time, all day long.
>
OK... But I still don't understand why that is... Does it have an
ethernet NIC? Is that sysctl (kern.random.sys.harvest.ethernet) set to 1
before rc.d/sshd starts?

> Only two workarounds that I know of:
> #1, put in more than 3 lines of garbage on console.
> #2, put in more than 5 packets of garbage from ethernet
> (which, acknowledged: if hacker is trying to seed known data to this
> box, he could feed it known data)
>
If I may add: I know another workaround:
Create the key files during the install process, which has to be done
quite handish anyway, if u do it on a far away deeply buried box... Or
not?

-Arne

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #14s9oX00 (FB_security)