Collecting entropy from device_attach() times.
Jonathan Anderson
jonathan at FreeBSD.org
Thu Sep 20 10:32:54 UTC 2012
On Thursday, 20 September 2012 at 11:21, Pawel Jakub Dawidek wrote:
> It would be ideal if we could provide properly seeded PRNG even for
> single-user mode, so eliminating initrandom altogether is also an
> option
Amen to that. :)
As I believe theraven@ pointed out a couple of days ago: it is very silly indeed that we are taking data generated by the kernel (process table) based on presumed-pseudorandom inputs, passing it to userspace, turning it into text (via ps), hashing that text and then passing it *back* to the kernel in order to stir into the entropy pool that we could instead just build from actually-fairly-random information like device_attach() times.
Jon
--
Jonathan Anderson
jonathan at FreeBSD.org
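Added illustration, not part of this message or of FreeBSD's own code, contrasting the two seeding paths the thread discusses: hashing ps(1) text that is itself a deterministic function of the boot (the initrandom path) versus mixing in the inter-arrival jitter of device_attach() completion times. All timestamps and the ps output are constructed sample data; SHA-256 is used as a stand-in mixer and the function names are hypothetical, so nothing here reflects the kernel's actual pool implementation. The min-entropy estimator is deliberately conservative and credits nothing when the timestamps are evenly spaced, which is the failure mode to watch for if attach times come from a coarse or deterministic timer.

```python
import hashlib
import math
from collections import Counter

# Constructed sample data: nanosecond timestamps at which hypothetical devices
# finished attaching during two boots of the same machine. Boot B differs from
# boot A only by small scheduling jitter, as a real boot would.
BOOT_A_ATTACH_NS = [1_000_000_000, 1_002_134_517, 1_004_132_720, 1_007_134_597,
                    1_007_900_211, 1_010_333_418, 1_012_001_999, 1_015_444_120]
BOOT_B_ATTACH_NS = [1_000_000_000, 1_002_134_903, 1_004_132_311, 1_007_135_044,
                    1_007_900_187, 1_010_333_655, 1_012_002_381, 1_015_443_962]

# Constructed ps(1)-style output; identical on both boots because the process
# table at that point is the same every time.
PS_TEXT = ("  PID TT  STAT    TIME COMMAND\n"
           "    0  -  DLs  0:00.01 [kernel]\n"
           "    1  -  ILs  0:00.00 /sbin/init\n")

EMPTY_POOL = b"\0" * 32


def attach_deltas(times_ns):
    """Inter-arrival times between consecutive device attaches; the jitter
    in these, not the absolute values, is where the unpredictability lives."""
    return [later - earlier for earlier, later in zip(times_ns, times_ns[1:])]


def min_entropy_bits(samples, low_bits=8):
    """Conservative per-sample min-entropy estimate over the low `low_bits`
    of each sample: -log2 of the most frequent value's probability.
    Evenly spaced timestamps give one repeated value and therefore 0 bits."""
    mask = (1 << low_bits) - 1
    counts = Counter(s & mask for s in samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)


def stir(pool, samples):
    """Hypothetical mixer: fold each sample into the pool through SHA-256."""
    h = hashlib.sha256(pool)
    for s in samples:
        h.update(s.to_bytes(8, "little", signed=True))
    return h.digest()


def seed_from_attach_times(times_ns, pool=EMPTY_POOL):
    """Seed the pool from attach-time jitter and return (new_pool, credited_bits)."""
    deltas = attach_deltas(times_ns)
    credited = min_entropy_bits(deltas) * len(deltas)
    return stir(pool, deltas), credited


def seed_from_ps_text(ps_text, pool=EMPTY_POOL):
    """The initrandom-style path: hash text derived from the kernel's own state.
    Identical input on every boot yields an identical pool, i.e. no real entropy."""
    return hashlib.sha256(pool + ps_text.encode()).digest()


if __name__ == "__main__":
    pool_a, bits_a = seed_from_attach_times(BOOT_A_ATTACH_NS)
    pool_b, bits_b = seed_from_attach_times(BOOT_B_ATTACH_NS)
    print("attach-time pools differ across boots:", pool_a != pool_b)
    print("credited bits per boot: %.2f" % bits_a)
    print("ps-text pools identical across boots:",
          seed_from_ps_text(PS_TEXT) == seed_from_ps_text(PS_TEXT))
    print("evenly spaced timer credits:",
          min_entropy_bits(attach_deltas([0, 1000, 2000, 3000])), "bits")
```

Running the block prints that the attach-time pools differ between the two constructed boots while the ps-derived pools are byte-identical, and that a perfectly regular timer earns zero credit; the estimator only looks at the low byte of each delta, so coarse-grained clocks show up as a low or zero credit rather than as false confidence.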