Doug Barton wrote:
: Pending Mark's approval, I'd like to suggest we add a cron job to
: dump X k of data from /dev/random to a file (/boot/.periodic_entropy
: maybe?) and use that, AND ${entropy_file:/var/db/entropy} to reseed at
: boot, and only do the "long, annoying" failover process if neither file
: exists. The only remaining questions would be how many k of data to dump
: how often.
How about skipping the "long, annoying failover process" altogether and
simply logging to the console that the entropy reseeding process was
incomplete? Forcing an indeterminate delay to gather entropy is more
than a little paternalistic.
I've little doubt of /dev/random's theoretical soundness. But a
theoretical boost in security won't justify an actual reduction in
availability to many folks.
-Ed
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
