arc4random initialization

Dave Hayes dave at
Sun Dec 6 23:36:35 UTC 2020

When I'm running FreeBSD on what amounts to a live DVD (no writable
filesystems), I get this message:

  arc4random: no preloaded entropy cache

I went looking in the source for this message and near enough to the
message source found this troubling comment in sys/libkern/arc4random.c:

      * This is making the best of what may be an insecure
      * Situation. If the loader(8) did not have an entropy
      * stash from the previous shutdown to load, then we will
      * be improperly seeded. The answer is to make sure there
      * is an entropy stash at shutdown time.

So security-wise, just how bad is it to be improperly seeded? If I cannot get
a valid entropy stash at boot time, can I delay the need for it until I can get
a writable filesystem up and running? 

Thanks in advance for any cogent replies.
Dave Hayes - Consultant - LA CA, USA - dave at
>>>> *The opinions expressed above are entirely my own* <<<<

The person who first said "There is no smoke without fire"
may have been describing the state of the technology at
the time it was said, not enunciating a truth.

More information about the freebsd-hackers mailing list