Re: seeding dev/random in 5.5

--- Michael Scheidell <scheidell@xxxxxxxxxx> wrote:
R. B. Rid*** wrote:
Why do u believe, that /dev/random isnt seeded by networking?


because it isn't.
and pings arn' going to produce much random data.

Hmm... Interesting...

it might feed it LATER, saving to /var/db/entropy, but when the system
is booted, and there are no keys in /etc/ssh and rc.d/sshd tried to
generate enough to feed to /dev/random, it doesn't

Hopefully... I was under the impression, that new "random" events are gathered
continuously in order to create an always good source of random ...

I can reproduce it 100% of the time, every time, all day long.

OK... But I still dont understand why that is... Does it have an ethernet NIC?
Is that sysctl (kern.random.sys.harvest.ethernet) set to 1 before rc.d/sshd
starts?

Only two workarounds that I know of:
#1, put in more than 3 lines of garbage on console.
#2, put in more than 5 packets of garbage from ethernet
(which, acknowledged: if hacker is trying to seed known data to this
box, he could feed it known data)

If I may add:
I know another workaround: Create the key files during the install process,
which has to be done quite handish anyway, if u do it on a far away deeply
buried box... Or not?

-Arne


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"