Re: Random source seeding and /etc/rc.d/sshd host key generation

From: Brooks Davis <brooks_at_one-eyed-alien.net>
Date: Mon, 28 Mar 2005 14:08:27 -0800
On Mon, Mar 28, 2005 at 05:00:22PM -0500, Ed Maste wrote:
> In /etc/rc.d/sshd, user_reseed() does
> 
>     seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
>     if [ "${seeded}" != "" ] ; then
>         warn "Setting entropy source to blocking mode."
>         echo "===================================================="
>         echo "Type a full screenful of random junk to unblock"
>         ...
> 
> I'm curious if checking the seeded sysctl against "" is intentional;
> it seems $seeded will always be non-null.  Since user_reseed only
> gets called if the host keys don't exist it probably won't be much
> of an issue in practice, but it seems random junk will be requested
> on the first boot even if the entropy source is already seeded.

I believe the goal of the script is to not trust the system entropy this
time (since it's almost certainly junk.)  I think the check is just to
avoid this code if the sysctl doesn't exist.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
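The point under discussion, shown as an added example rather than as code from the FreeBSD rc.d script: the quoted test `"${seeded}" != ""` only distinguishes "sysctl missing" from "sysctl present", so it prompts for keyboard junk whether the kernel reports 0 or 1. The `value_decision` function is a constructed contrast (not what the script does) that keys on the reported value, and the three sample sysctl results are constructed inputs; nothing here modifies the kernel's random device.

```shell
# rcd_decision: the comparison quoted from user_reseed, "${seeded}" != "".
# Prints "prompt" when the script would switch the entropy source to
# blocking mode and ask for typed junk, "skip" otherwise.
rcd_decision() {
    seeded=$1
    if [ "${seeded}" != "" ]; then
        echo prompt
    else
        echo skip
    fi
}

# value_decision: constructed for contrast, not the script's behaviour.
# Skips the prompt only when the kernel reports 1 (pool seeded); a missing
# sysctl, a 0, or anything unexpected still prompts.
value_decision() {
    seeded=$1
    case "${seeded}" in
        1) echo skip ;;     # kernel reports the pool as seeded
        *) echo prompt ;;   # 0, absent sysctl, or an unexpected value
    esac
}

# probe_seeded: the live query as the script issues it, stderr discarded,
# so on a host without kern.random.sys.seeded it yields the empty string.
# Defined for completeness; the table below uses constructed values instead.
probe_seeded() {
    sysctl -n kern.random.sys.seeded 2>/dev/null || true
}

# show_table: run both decisions over the three outcomes the sysctl can
# produce: absent (""), reports 0, reports 1.
show_table() {
    for s in "" 0 1; do
        printf 'sysctl=%-4s rc.d:%-7s value:%s\n' \
            "\"$s\"" "$(rcd_decision "$s")" "$(value_decision "$s")"
    done
}

show_table
```

The table makes both posts concrete: the rc.d comparison prompts for both 0 and 1 and skips only when the sysctl is absent, which matches Ed's observation that `$seeded` is never null when the sysctl exists and Brooks' reading that the test exists to bypass the code on kernels without it.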

Received on Mon Mar 28 2005 - 20:08:28 UTC