dave at jetcafe.org
Sun Dec 6 23:36:35 UTC 2020
When I'm running FreeBSD on what amounts to a live DVD (no writable
filesystems), I get this message:

    arc4random: no preloaded entropy cache

I went looking in the source for this message and near enough to the
message source found this troubling comment in sys/libkern/arc4random.c:

     * This is making the best of what may be an insecure
     * Situation. If the loader(8) did not have an entropy
     * stash from the previous shutdown to load, then we will
     * be improperly seeded. The answer is to make sure there
     * is an entropy stash at shutdown time.

So security-wise, just how bad is it to be improperly seeded? If I cannot get
a valid entropy stash at boot time, can I delay the need for it until I can get
a writable filesystem up and running?

Thanks in advance for any cogent replies.

Dave Hayes - Consultant - LA CA, USA - dave at dream-tech.com
>>>> *The opinions expressed above are entirely my own* <<<<
The person who first said "There is no smoke without fire"
may have been describing the state of the technology at
the time it was said, not enunciating a truth.
More information about the freebsd-hackers