For the sake of those who don't follow commit messages (shame on you!),
here's your fair warning regarding this change. This is the promised update
that periodically (every 3 minutes by default) saves 2k of randomness to a
set of rotating files stored by default in /.entropy. That location was
chosen so that it could be loaded as early as possible in the boot process.
As mentioned in the commit message, Mark suggested the defaults for size,
period, and number of files based on the requirements of the Yarrow
algorithm. System load for this should be negligible. All the parameters
are tunable if load becomes a problem.
I chose the operator user as the custodian of the entropy files since that
both isolates them from unprivileged users to a certain extent, and
minimizes the possibility of damaged caused by file based exploits that
could be caused if the files were owned by root. This is bike shed
material.
For now my opinion is that the best option is to leave the single file
written out at shutdown intact. First, I'd rather make one change at a
time. Second, having both systems in place gives users with special needs
(like diskless boots) more options in terms of saving entropy. I've no
objection to ripping this out down the road if circumstances warrant.
Enjoy,
Doug
Original Message
Subject: cvs commit: src/etc crontab rc src/etc/defaults
rc.confsrc/etc/mtree BSD.root.dist src/libexec
Makefilesrc/libexec/save-entropy Makefile save-entropy.sh
Date: Thu, 11 Jan 2001 05:01:20 -0800 (PST)
From: Doug Barton [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
dougb 2001/01/11 05:01:20 PST
Modified files:
etc crontab rc
etc/defaults rc.conf
etc/mtreeBSD.root.dist
libexec Makefile
Added files:
libexec/save-entropy Makefile save-entropy.sh
Log:
Add a system to save entropy from /dev/random periodically so that
it can be used to reseed at boot time. This will greatly increase
the chances that there will be sufficient entropy available at
boot time to prevent long delays.
For /etc/rc, remove the vmstat and iostat runs from the attempt
to provide some cheesy randomness if the files fail, since
those programs are dynamically linked, and ldd seems to want
some randomness to do its magic.
Guidance and parameters for this project were provided by
Mark Murray, based on the requirements of the Yarrow
algorithm. Some helpful suggestions for implementation
(including the tip about iostat and vmstat) were provided
by Sheldon Hearn. All blame for problems or mistakes is
mine of course.
Revision ChangesPath
1.28 +4 -1 src/etc/crontab
1.247 +27 -11src/etc/rc
1.84 +4 -1 src/etc/defaults/rc.conf
1.48 +5 -1 src/etc/mtree/BSD.root.dist
1.44 +2 -1 src/libexec/Makefile
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/crontab.diff?r1=1.27r2=1.28f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.diff?r1=1.246r2=1.247f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/defaults/rc.conf.diff?r1=1.83r2=1.84f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/mtree/BSD.root.dist.diff?r1=1.47r2=1.48f=h
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/libexec/Makefile.diff?r1=1.43r2=1.44f=h
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
