> > I agree that it is not (very) random; however clock jitter and keystroke
> > timing can help thwart the bad guys...
> But do please keep in mind that many of my FreeBSD platforms have neither
> keyboard nor mouse.  And for the ones that do, they tend not to get used
> until long after the system boots.  It's essential that the randomness
> harvesting also be driven off of other events, such as network interface
> or storage system interrupts for these environments.

Agreed. I have already committed a "persistent" entropy cache that
reseeds the random device on reboot.

> In fact, it would be rather interesting to have a configuration flag which
> always forces something like an fsck on a file system in order to provide
> some entropy to the random device.  Or some other user-exposed way of
> providing entropy.  I might have some data on disk, or some network
> operations which can be performed to help seed the entropy pool.

I'm (er, phk is) looking at hooking namei() in some way.

I'm also going to hook the networking stack.

Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
