Peter Jeremy writes:
> On Tue, Apr 13, 2004 at 04:28:16PM -0700, Brooks Davis wrote:
> >To be clear, the problem is not that you can't open /dev/random for
> >read, it's that read() blocks until sufficient entropy arrives. It's
> >worth noting that the quality of entropy needed in initdiskless is
> >pretty minimal. rand() would actually be fine here other than the fact
> >that use of rand should not be encouraged.
>
> If you don't need a great deal of entropy, you might be able to get
> away with stirring in the time of day, CPU cycle counter[1], and maybe
> time a couple of arbitrary disk seeks. If you had a _really_ cheap
> stirring function, maybe stir in all of KVM (this should vary slightly
> from boot to boot). This should be enough entropy to get to the
> point where you can start loading or acquiring reasonable entropy.

Check /etc/rc.d/*random* - we've been doing this for years. :-)

> I recall being bitten on several occasions when I was trying to use
> ed(1) in single user mode and having ed decide there wasn't enough
> entropy to create its temporary file.
>
> Of course, the default behaviour of automatically building ssh host
> keys as part of the boot sequence (when there's virtually no entropy
> available) is probably undesirable.

We understand the problem all too well. There are two conflicting parts;
1) Starting the device early enough and 2) making it secure (enough).
Most of the entropy arguments involve, in effect, differing opinions on
what "early enough" and "secure enough" mean.

M
--
Mark Murray
iumop ap!sdn w,I idlaH

Received on Thu Apr 15 2004 - 05:50:07 UTC
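The "cheap stirring" idea from the quoted message, as an added C example (not code from this thread or from the /etc/rc.d scripts it mentions). The names `stir_pool`, `pool_stir`, `timing_sample` and `early_seed` are hypothetical, FNV-1a is a mixer chosen here, and `CLOCK_MONOTONIC` plus a timed busy loop are assumed stand-ins for the CPU cycle counter and disk seek timing; the result suits only the minimal-quality uses the thread describes, not key generation.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical 64-bit pool. FNV-1a is a cheap mixer, not a cryptographic one. */
typedef struct { uint64_t state; } stir_pool;
static void pool_init(stir_pool *p) { p->state = 0xcbf29ce484222325ULL; }

/* Fold len bytes into the pool, one FNV-1a round per byte. */
static void pool_stir(stir_pool *p, const void *buf, size_t len) {
    const unsigned char *b = buf;
    for (size_t i = 0; i < len; i++) {
        p->state ^= b[i];
        p->state *= 0x100000001b3ULL;
    }
}

/* Nanoseconds taken by a short busy loop: a stand-in for timing a disk seek. */
static int64_t timing_sample(void) {
    struct timespec a, b;
    volatile unsigned sink = 0;
    clock_gettime(CLOCK_MONOTONIC, &a);
    for (unsigned i = 0; i < 10000; i++) sink += i;
    clock_gettime(CLOCK_MONOTONIC, &b);
    return (int64_t)(b.tv_sec - a.tv_sec) * 1000000000LL + (b.tv_nsec - a.tv_nsec);
}

/* Stir time of day, a monotonic counter and a few timing samples into one seed. */
static uint64_t early_seed(void) {
    stir_pool p;
    struct timespec ts;
    pool_init(&p);
    clock_gettime(CLOCK_REALTIME, &ts);   /* time of day */
    pool_stir(&p, &ts.tv_sec, sizeof ts.tv_sec);
    pool_stir(&p, &ts.tv_nsec, sizeof ts.tv_nsec);
    clock_gettime(CLOCK_MONOTONIC, &ts);  /* stand-in for the cycle counter */
    pool_stir(&p, &ts.tv_nsec, sizeof ts.tv_nsec);
    for (int i = 0; i < 4; i++) {
        int64_t dt = timing_sample();
        pool_stir(&p, &dt, sizeof dt);
    }
    return p.state;
}

int main(void) {
    printf("early seed: %016llx\n", (unsigned long long)early_seed());
    return 0;
}
```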
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:51 UTC