yarrow random generator
Robert Watson
rwatson at FreeBSD.org
Fri Dec 25 13:51:45 UTC 2009

On Thu, 24 Dec 2009, RW wrote:
>>> And also according to Schneier it is a good idea to save state of the PRNG
>>> and restore it on boot to make it "more seeded".
>>
>> In the default configuration, we save some PRNG output every few minutes
>> (using cron) to a file in /var so that it can be re-injected into Yarrow on
>> the next boot (done by /etc/rc.d/random).
>
> It isn't handled very well though. The files saved by crontab under /var are
> loaded a bit late in the boot sequence - after encrypted swap.
>
> The main entropy file is loaded earlier, but immediately after ps -fauxww,
> sysctl -a, etc are dumped into the device, saturating its 4K of buffer
> space.

I can't speak to the specific /dev/random design choices here, but I can say
that there is a more general issue with swap being required to get to the
point where you reliably have writable file system access. This is because
fsck can be quite memory-heavy, and so swap is started before fsck is started.
It could well be that the arrival of proper UFS journaling support in the
immediate future allows more aggressive reordering of the boot process so that
writable file systems can be assumed much earlier.

I'll point Mark Murray at this thread and see if we can get him to opine some
on the current design choices and any potential changes to address them. I
was interested by your observation that the boot-time dumping of bits into
/dev/random may overflow the buffering -- indeed, it looks like the
rate-controlling in effect for other entropy sources may not be appropriate
for /dev/random.

Robert N M Watson
Computer Laboratory
University of Cambridge
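
The save-and-re-inject cycle discussed in this thread, as an added example that is not part of the original message and is not FreeBSD's /etc/rc.d/random script. The function names, the 4096-byte seed size and the rotate-after-restore step are assumptions of the example; the devices and the seed path are passed as arguments.

```sh
#!/bin/sh
# Added example: periodic seed save plus boot-time re-injection.
# All names and defaults below are assumptions, not FreeBSD's own code.

SEED_BYTES=${SEED_BYTES:-4096}   # assumed seed size

# save_seed SRC_DEV SEED_FILE
# Periodic job: write fresh PRNG output to the seed file.
save_seed() {
    src=$1 seed=$2 tmp="$2.tmp.$$"
    # Set umask in a subshell so the seed is never group/world readable,
    # not even for the moment between creation and a later chmod.
    ( umask 077; head -c "$SEED_BYTES" "$src" > "$tmp" ) || {
        rm -f "$tmp"; return 1
    }
    if [ "$(wc -c < "$tmp" | tr -d ' ')" -ne "$SEED_BYTES" ]; then
        rm -f "$tmp"; return 1   # short read: keep the previous seed
    fi
    # rename() is atomic within one file system, so a crash leaves either
    # the old seed or the new one, never a truncated file.
    mv -f "$tmp" "$seed"
}

# restore_seed SEED_FILE SINK_DEV SRC_DEV
# Boot-time step: inject the saved seed, then replace it immediately.
restore_seed() {
    [ -s "$1" ] || return 1      # missing or empty seed: nothing to inject
    cat "$1" > "$2" || return 1  # write the saved bytes into the device
    # Rotate at once: if the machine crashes before the next periodic
    # save, the same seed must not be injected again on the following boot.
    save_seed "$3" "$1"
}

# Hypothetical invocations (the seed path is a placeholder):
#   save_seed    /dev/random /var/db/SEED.example
#   restore_seed /var/db/SEED.example /dev/random /dev/random
```

The restore step needs a writable file system for the seed rotation, which is the boot-ordering constraint the message describes.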