Subject: Re: feature request: root file system change
To: None <tech-kern@netbsd.org>
From: Matthew Mondor <mm_lists@pulsar-zone.net>
List: tech-kern
Date: 04/17/2005 04:12:40

On Sun, 17 Apr 2005 03:52:12 -0400
Matthew Mondor <mm_lists@pulsar-zone.net> wrote:
> A possible issue though might be lack of enough entropy to make
> /dev/urandom results unpredictable, since the system is just being
> initialized and entropy collection is not likely to have occurred much.
> To be non-blocking, it would then fall back to generate results similar
> to random(3) if necessary, I believe ("degenerates to a pseudo-random
> generator"). Of course this might only matter to some extent depending
> on your use of CGD

Hmm, after writing this I started looking at /etc/rc.d/ to see what was
done to prevent this (of course this would still assume that at least
some of the rc.d system runs first before key initializations, or a
custom program used to do it), but I failed to see code to store and
reload some entropy data? (on a 2.0.1 system) Also rndctl(8) doesn't
seem to allow loading/saving such state information, didn't check yet if
writing to /dev/random is allowed by the superuser, rnd(9) man page
didn't show any ioctl to allow this either... In any case, the saved
data used to set new state information would still be stored on the disk
somewhere, unless on a removable device it would probably be accessible

Matt
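
The store-and-reload step discussed in the message above, as an added sketch that is not part of the original post and not NetBSD's own rc.d code. `SEED_FILE`, `POOL_DEV`, `RAND_SRC` and both function names are hypothetical, and it assumes the pool device accepts writes from the superuser. Because the seed sits on disk, it is kept mode 0600 and replaced right after every load.

```shell
#!/bin/sh
# Added example: carry an entropy seed across reboots.
# All paths and names below are hypothetical; that POOL_DEV accepts
# writes is an assumption, not something the original message confirms.
SEED_FILE="${SEED_FILE:-/var/db/entropy-seed}"
POOL_DEV="${POOL_DEV:-/dev/random}"
RAND_SRC="${RAND_SRC:-/dev/urandom}"
SEED_BYTES=512

# Shutdown side: write a fresh seed readable by its owner only, then move it
# into place atomically so a crash never leaves a half-written seed behind.
save_seed() {
    tmp="${SEED_FILE}.tmp.$$"
    ( umask 077
      dd if="$RAND_SRC" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null ) || {
        rm -f "$tmp"
        return 1
    }
    mv -f "$tmp" "$SEED_FILE"
}

# Boot side. Returns 0 = seed loaded and rotated, 2 = no seed yet (first
# boot, one was created), 3 = seed permissions too open, 1 = I/O failure.
load_seed() {
    if [ ! -f "$SEED_FILE" ]; then
        save_seed || return 1
        return 2
    fi
    # A seed that group or other can read may already be known: do not use it.
    case "$(ls -ld "$SEED_FILE")" in
        -rw-------*) ;;
        *) return 3 ;;
    esac
    # Mix the stored bytes into the pool.
    cat "$SEED_FILE" > "$POOL_DEV" || return 1
    # Rotate immediately: if the machine crashes before the next clean
    # shutdown, the same seed must not be fed in a second time.
    save_seed
}
```

Run `load_seed` as early in boot as the seed's file system allows and `save_seed` at shutdown; a loaded seed only helps if nobody else could read the file in between.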