On 5/29/07, Theodore Tso <[EMAIL PROTECTED]> wrote:
On Tue, May 29, 2007 at 12:53:10PM +0100, M Macnair wrote: Ok, so this is telling me a couple of things. First of all, if you're only getting three outputs, it means that you don't have any peripherals feeding entropy into the system from the boot sequence. Without any hard drives, keyboards or mice, and a NIC whose device driver hasn't been configured to feed entropy, you're definitely hosed.
Yes. However this isn't the issue I'm concerned with at the moment.
Secondly, and more importantly, your boot scripts aren't set up correctly.
Sorry, I only posted the startup bit - the same does indeed happen on shutdown, however I wasn't interested in it for the purposes of the tests. The key point I was trying to put across was that I can't get the seeding process to work. No matter what I wrote to /dev/urandom on startup, the output from reading /dev/urandom immediately afterwards was the same (ignoring the occasional variation that I put down to timing). As I understand it (from man 4 random and the boot script examples), writing to /dev/[u]random should increase the amount of entropy, thereby altering the output from the PRNG.
Another thing which I noticed is that when Matt Mackall took over maintainership of /dev/random, he apparently took out one of the safeguards I had, which was that before, when entropy was extracted from the pool the time stamp when it was extracted was mixed back into the pool. The theory was that an external attacker might not know when a program might be calling /dev/random, so mixing in the time of that entropy was extracted wouldn't hurt, and might help. I'll submit a patch to add that support back in, which will help you a little.
When did Matt take over? From my experiments it would appear as though the time is having an effect on the output, though as I say I'm not totally sure. Regards, Michael Macnair - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
