svn commit: r230230 - head/sys/dev/random
Andrey Chernov
ache at FreeBSD.ORG
Wed Jan 18 19:05:28 UTC 2012
On Wed, Jan 18, 2012 at 12:54:40PM -0500, David Schultz wrote:
> It appears to reseed arc4random's state exactly once, at whatever
> unpredictable time devrandom decides to reseed itself. Are you
As fast as possible, immediatelly when we have enough good entropy.
> trying to fix the problems that arise if random.ko is loaded too
> late in the boot process?
There is only _initial_ seeding security problem with arc4rand() and not
only when random.ko is not loaded, but when it is loaded too and don't
harvest enough entropy yet.
All late stages don't have security problem because arc4rand()
periodically reseeds itself from yarrow when ARC4_RESEED_SECONDS is
expired.
About random.ko loading itself, this is separate question and I already
express opinion to make random.ko not optional but required kernel module.
--
http://ache.vniz.net/
More information about the svn-src-all
mailing list