arc4random initialization

Dave Hayes dave at
Mon Dec 7 11:12:37 UTC 2020

On Mon, 7 Dec 2020 08:37:42 +0000
Mark Murray <markm at> wrote:
> > On 6 Dec 2020, at 23:36, Dave Hayes <dave at> wrote:
> > 
> > So security-wise, just how bad is it to be improperly seeded? If I cannot
> > get a valid entropy stash at boot time, can I delay the need for it until I
> > can get a writable filesystem up and running?
> This means that the random(4) device and relevant infrastructure like
> arc4random starts up in an insecure state and is not to be trusted for e.g.
> generating SSH keys.
> After you have used the machine for a while (exactly how long "depends"),
> it will reseed itself and become secure.

Thank you for this response. Is there any indication as to when it has safely
reseeded? Is one able to force a reseed by any mechanism?
Dave Hayes - Consultant - LA CA, USA - dave at
>>>> *The opinions expressed above are entirely my own* <<<<

Sunshine proves it's own existence.

More information about the freebsd-hackers mailing list