Terry Lambert wrote:
> > > This is sweet! Seems it would give us the full benefits of Mark's
> > > randomdev, and fit nicely with our normal configuration framework and
> > > gives good flexibility.
> > It also describes just what we have currently, except it misses the
> > advantages of putting the entropy file on the root partition which makes
> > it available immediately, and doesn't have mounting races built in.
> What currently exists does not allow a read-only /. Which sucks.
Please keep a couple things in mind. First, there is no one solution
that is going to suit everyone. It's exactly because my /var is not on /
that I got interested in patching the current implementation of "save
some randomness at boot and read it back in at startup" in the first
place. I kept read-only and diskless / cases in mind when I tied my idea
into the existing ability to specify the file AND used /var as a

Second, Mark has always intended and is currently working on ways to
make entropy harvesting happen in the boot phase. No one expected, or
represented this file-based method as the ultimate solution.

Third, Schneier's paper suggests loading a file of written-out entropy
at boot as an additional reseeding source, so we need to work out the
store a file across boot in any case. It's entirely possible that this
won't work for some edge cases, but harvesting entropy in the boot
process will help alleviate that. Finding answers to the current
problems will be easier if we keep the goals clear.
"The dead cannot be seduced."
- Kai, "Lexx"