Random source seeding and /etc/rc.d/sshd host key generation
Brooks Davis
brooks at one-eyed-alien.net
Mon Mar 28 14:08:29 PST 2005
On Mon, Mar 28, 2005 at 05:00:22PM -0500, Ed Maste wrote:
> In /etc/rc.d/sshd, user_reseed() does
>
> seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
> if [ "${seeded}" != "" ] ; then
> warn "Setting entropy source to blocking mode."
> echo "===================================================="
> echo "Type a full screenful of random junk to unblock"
> ...
>
> I'm curious if checking the seeded sysctl against "" is intentional;
> it seems $seeded will always be non-null. Since user_reseed only
> gets called if the host keys don't exist it probably won't be much
> of an issue in practice, but it seems random junk will be requested
> on the first boot even if the entropy source is already seeded.
I believe the goal of the script is to not trust the system entropy this
time (since it's almost certainly junk.) I think the check is just to
avoid this code if the sysctl doesn't exist.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20050328/69ae757e/attachment.bin
More information about the freebsd-current
mailing list