Source-Changes-HG archive
[src/trunk]: src/sbin/rndctl Clarify security model of rndctl -S files.
details: https://anonhg.NetBSD.org/src/rev/43331dc5f742
branches: trunk
changeset: 961017:43331dc5f742
user: riastradh <riastradh%NetBSD.org@localhost>
date: Tue Apr 06 12:32:39 2021 +0000
description:
Clarify security model of rndctl -S files.
diffstat:
sbin/rndctl/rndctl.8 | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
diffs (34 lines):
diff -r a7d79fed993e -r 43331dc5f742 sbin/rndctl/rndctl.8
--- a/sbin/rndctl/rndctl.8 Tue Apr 06 12:10:21 2021 +0000
+++ b/sbin/rndctl/rndctl.8 Tue Apr 06 12:32:39 2021 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: rndctl.8,v 1.27 2021/04/02 07:04:05 nia Exp $
+.\" $NetBSD: rndctl.8,v 1.28 2021/04/06 12:32:39 riastradh Exp $
.\"
.\" Copyright (c) 1997 Michael Graff
.\" All rights reserved.
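Review bot: The document date is not updated in this change: the only edit near the top of rndctl.8 is the $NetBSD$ id line, and the diffstat's 14 insertions and 3 deletions are all accounted for by that line and the -S text. Since the -S entry gains new user-visible wording, consider bumping the page's .Dd line in the same commit so readers can tell the manual was revised.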
@@ -105,11 +105,22 @@
.Ar devname
specified.
.It Fl S
-Save entropy pool to file
-.Ar save-file .
+Save entropy to file
+.Ar save-file
+for later use with
+.Cm "rndctl -L" .
+.Pp
The file format is specific to
.Nm
and includes an estimate of the amount of saved entropy and a checksum.
+The prior internal state of the system entropy pool cannot be recovered
+from
+.Ar save-file ,
+so disclosure of
+.Ar save-file
+does not compromise past secrets drawn from
+.Pa /dev/urandom
+or equivalent.
.It Fl s
Display statistics on the current state of the entropy pool.
.It Fl t