cvs commit: src/games/fortune/fortune fortune.c
Doug Barton
dougb at FreeBSD.org
Mon Jul 25 00:52:02 GMT 2005
Colin Percival wrote:
> I think this would be more dangerous than valuable. "Most" failure modes of
> modern PRNGs will result in output which is cryptographically predictable but
> passes all known statistical tests. (To take a trivial example, the sequence
> MD5(0), MD5(1), MD5(2) ... looks random, but obviously isn't.)
>
> If we want to determine if the PRNG has been seeded properly, we should be
> querying the kernel, not trying to distinguish between "random" and "non-random"
> just based on its output.

I put the following in my /etc/rc.local file to try and do some detective
work on the fortune issue:

    sysctl kern.random.sys.seeded >> ${TMPDIR:-/tmp}/sysctl.out

If others are seeing apparent problems with randomness issues on startup
this might be a useful diagnostic for them as well.

FWIW, I cranked up the entropy save function on my laptop to the following
values:

    entropy_save_sz="4096"   # Size of the entropy cache files.
    entropy_save_num="17"    # Number of entropy cache files to save.

And haven't seen any problems with repetitive fortunes in the last 2 days.
Since storage of these files is pretty painless, I'm tempted to crank this
up in /etc/defaults/rc.conf. Opinions?

Doug
--
This .signature sanitized for your protection
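
Added example (not part of the original message and not FreeBSD code): the MD5(0), MD5(1), MD5(2) ... sequence from the quoted text, run through two simple statistical tests and then predicted without any secret. The ASCII-decimal counter encoding, the choice of tests and the thresholds are assumptions made for illustration.

```python
import hashlib
import math
import os

def md5_counter_stream(n_blocks, start=0):
    """Concatenate MD5(start), MD5(start+1), ...; counter encoded as ASCII decimal (assumed)."""
    return b"".join(hashlib.md5(str(i).encode()).digest()
                    for i in range(start, start + n_blocks))

def monobit_z(data):
    """Frequency (monobit) test: z-score of the number of 1 bits against n/2."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return (ones - n / 2) / math.sqrt(n / 4)

def byte_chi2(data):
    """Chi-square statistic of byte frequencies against uniform (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_random(data):
    """Loose illustrative thresholds: |z| < 5 and chi-square roughly within 6 sigma of 255."""
    return abs(monobit_z(data)) < 5 and 120 < byte_chi2(data) < 400

def predict_next(blocks_seen):
    """Anyone who knows the construction computes the next 16 bytes; no key is involved."""
    return hashlib.md5(str(blocks_seen).encode()).digest()

if __name__ == "__main__":
    stream = md5_counter_stream(4096)  # 64 KiB of output
    print("MD5 counter stream passes tests:", looks_random(stream))
    print("os.urandom passes tests:        ", looks_random(os.urandom(65536)))
    print("all-zero buffer passes tests:   ", looks_random(bytes(65536)))
    actual_next = md5_counter_stream(1, start=4096)
    print("next block predicted exactly:   ", predict_next(4096) == actual_next)
```

Passing the tests says nothing about whether the generator was seeded, which is why the thread turns to asking the kernel through kern.random.sys.seeded instead.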