Colin Percival wrote:
I think this would be more dangerous than valuable. "Most" failure modes of
modern PRNGs will result in output which is cryptographically predictable but
passes all known statistical tests. (To take a trivial example, the sequence
MD5(0), MD5(1), MD5(2) ... looks random, but obviously isn't.)
If we want to determine if the PRNG has been seeded properly, we should be
querying the kernel, not trying to distinguish between "random" and "non-random"
just based on its output.
I put the following in my /etc/rc.local file to try and do some detective
work on the fortune issue:
sysctl kern.random.sys.seeded >> ${TMPDIR:-/tmp}/sysctl.out
If others are seeing apparent problems with randomness issues on startup
this might be a useful diagnostic for them as well.
FWIW, I cranked up the entropy save function on my laptop to the following
values:
entropy_save_sz="4096" # Size of the entropy cache files.
entropy_save_num="17" # Number of entropy cache files to save.
And haven't seen any problems with repetitive fortunes in the last 2 days.
Since storage of these files is pretty painless, I'm tempted to crank this
up in /etc/defaults/rc.conf. Opinions?
Doug
--
This .signature sanitized for your protection
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
