On Thu, 24 Dec 2009 19:48:43 +0000 (GMT) Robert Watson <[email protected]> wrote:
> On Thu, 24 Dec 2009, Paul Graphov wrote:
>
> > And also according to Schneier it is a good idea to save state of
> > the PRNG and restore it on boot to make it "more seeded".
>
> In the default configuration, we save some PRNG output every few
> minutes (using cron) to a file in /var so that it can be re-injected
> into Yarrow on the next boot (done by /etc/rc.d/random).

It isn't handled very well though. The files saved by crontab under /var are loaded a bit late in the boot sequence - after encrypted swap. The main entropy file is loaded earlier, but immediately after ps -fauxww, sysctl -a, etc are dumped into the device, saturating its 4K of buffer space.

