Peter Jeremy PeterJeremy at
Fri Apr 16 02:30:57 PDT 2004

On Thu, Apr 15, 2004 at 03:48:09PM +0100, Mark Murray wrote:
>Peter Jeremy writes:
>> If you don't need a great deal of entropy, you might be able to get
>> away with stirring in the time of day, CPU cycle counter[1], and maybe
>> time a couple of arbitrary disk seeks.  If you had a _really_ cheap
>> stirring function, maybe stir in all of KVM (this should vary slightly
>> from boot to boot).  This should be enough entropy to get to the
>> point where you can start loading or acquiring reasonable entropy.
>Check /etc/rc.d/*random* - we've been doing this for years. :-)

I meant that the kernel should seed /dev/random before it even starts
init(8).  I understood that one of the problems with /etc/rc.d/random
was that you may need to have some entropy available to mount root
so you can get to /etc/rc.d/random.  (And /etc/rc.d/random doesn't
help when you boot into single user mode and can't run ed or vi
because there's no entropy).

>> Of course, the default behaviour of automatically building ssh host
>> keys as part of the boot sequence (when there's virtually no entropy
>> available) is probably undesirable.
>We understand the problem all too well.
>There are two conflicting parts; 1) Starting the device early enough
>and 2) making it secure (enough).

One option (which may have already been implemented, I haven't done a
5-CURRENT install for a long time) would be to generate the host keys
as part of sysinstall before rebooting.  There's potentially a fair
amount of entropy available by the end of the system installation.
(In any case, it's unlikely to be less than what is available early
during the boot process).

Peter Jeremy

More information about the freebsd-current mailing list