For the sake of those who don't follow commit messages (shame on you!),
here's your fair warning regarding this change. This is the promised update
that periodically (every 3 minutes by default) saves 2k of randomness to a
set of rotating files stored by default in /.entropy. That location was
chosen so that it could be loaded as early as possible in the boot process.
As mentioned in the commit message, Mark suggested the defaults for size,
period, and number of files based on the requirements of the Yarrow
algorithm. System load for this should be negligible. All the parameters
are tunable if load becomes a problem. 

        I chose the operator user as the custodian of the entropy files since that
both isolates them from unprivileged users to a certain extent, and
minimizes the possibility of damaged caused by file based exploits that
could be caused if the files were owned by root. This is bike shed

        For now my opinion is that the best option is to leave the single file
written out at shutdown intact. First, I'd rather make one change at a
time. Second, having both systems in place gives users with special needs
(like diskless boots) more options in terms of saving entropy. I've no
objection to ripping this out down the road if circumstances warrant. 



-------- Original Message --------
Subject: cvs commit: src/etc crontab rc src/etc/defaults
rc.confsrc/etc/mtree BSD.root.dist src/libexec
Makefilesrc/libexec/save-entropy Makefile
Date: Thu, 11 Jan 2001 05:01:20 -0800 (PST)
From: Doug Barton <[EMAIL PROTECTED]>

dougb       2001/01/11 05:01:20 PST

  Modified files:
    etc                  crontab rc 
    etc/defaults         rc.conf 
    etc/mtree            BSD.root.dist 
    libexec              Makefile 
  Added files:
    libexec/save-entropy Makefile 
  Add a system to save entropy from /dev/random periodically so that
  it can be used to reseed at boot time. This will greatly increase
  the chances that there will be sufficient entropy available at
  boot time to prevent long delays.
  For /etc/rc, remove the vmstat and iostat runs from the attempt
  to provide some cheesy randomness if the files fail, since
  those programs are dynamically linked, and ldd seems to want
  some randomness to do its magic.
  Guidance and parameters for this project were provided by
  Mark Murray, based on the requirements of the Yarrow
  algorithm. Some helpful suggestions for implementation
  (including the tip about iostat and vmstat) were provided
  by Sheldon Hearn. All blame for problems or mistakes is
  mine of course.
  Revision  Changes    Path
  1.28      +4 -1      src/etc/crontab
  1.247     +27 -11    src/etc/rc
  1.84      +4 -1      src/etc/defaults/rc.conf
  1.48      +5 -1      src/etc/mtree/BSD.root.dist
  1.44      +2 -1      src/libexec/Makefile

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to