Re: svn commit: r239569 - head/etc/rc.d

David O'Brien writes:
> On Thu, Sep 13, 2012 at 08:00:19PM +0100, Mark Murray wrote:
> > I'm in favour of doing something
> > to "dribble" the startup suff in, while limiting its length to (say)
> > 1-2 K.  Compressing the gathered stuff is a good idea, and inserting
> > that *first* with a delay following would be ideal; 1 second would be
> > sufficient, 2 safer if the machine very busy. After that "chunking" the
> > cached stuff and easing it in slowly would be a Good Thing(tm).
> 
> Mark,
> Can you add more about your reasoning why the low-grade entropy should be
> input before the high-quality cached entropy?

Sure!

I'm presuming that there is sufficient delay after the initial low-grade
stuff (compressed, so dense) for it _all_ to be used. This means that at
least the first bits of whatever follows also gets used properly.

The low-grade stuff is the "best bet" for creating some form of
difference between 2 otherwise identical machines, albeit small. This
shortish delay also gives the TSC register a bit more time to provide
further uncertainty for the later entropy reinsertion/harvesting.

The high-grade then does the heavy-lifing, presuming that it exists,
which after a dodgy start-up/restart, may not be the case. However, even
a small piece of /dev/zero will give SOME entropy due to TSC uncertainty
here, so further gathering has a better head start.

(There is further help for the super-paranoid; resetting the "seeded"
bit (sysctl) will cause /dev/random reads to block until the next
reseed. This may be (ab)used to really keep the device safe by repeated
clearing followed by writes of cached entropy.)

M
-- 
Mark R V Murray
Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open)
Pi: 132511160

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"