dev/random

[Mark Murray]

Peter Jeremy writes:
> On Tue, Apr 13, 2004 at 04:28:16PM -0700, Brooks Davis wrote:
> >To be clear, the problem is not that you can't open /dev/random for
> >read, it's that read() blocks until sufficent entropy arrives.  It's
> >worth noting that the quality of entropy needed in initdiskless is
> >pretty minimal.  rand() would actually be fine here other then the fact
> >that use of rand should not be encouraged.
> 
> If you don't need a great deal of entropy, you might be able to get
> away with stirring in the time of day, CPU cycle counter[1], and maybe
> time a couple of arbitrary disk seeks.  If you had a _really_ cheap
> stirring function, maybe stir in all of KVM (this should vary slightly
> from boot to boot).  This should be enough entropy to get to the
> point where you can start loading or acquiring reasonable entropy.

Check /etc/rc.d/*random* - we've been doing this for years. :-)

> I recall being bitten on several occasions when I was trying to use
> ed(1) in single user mode and having ed decide there wasn't enough
> entropy to create its temporary file.
> 
> Of course, the default behaviour of automatically building ssh host
> keys as part of the boot sequence (when there's virtually no entropy
> available) is probably undesirable.

We understand the problem all too well.

There are two conflicting parts; 1) Starting the device early enough
and 2) making it secure (enough).

Most of the entropy arguments involve, in effect, differing opinions
on what "early enough" and "secure enough" mean.

M
--
Mark Murray
iumop ap!sdn w,I idlaH