Subject: Re: add rnd(4) to install floppy
To: None <david@l8s.co.uk>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-security
Date: 09/05/2003 19:10:00
> You didn't even read this one!
> > ===================================================================
> > RCS file: /cvsroot/src/sys/arch/i386/conf/GENERIC,v
> > retrieving revision 1.569
> > diff -u -r1.569 GENERIC
> > --- i386/conf/GENERIC	2003/08/26 21:12:48	1.569
> > +++ i386/conf/GENERIC	2003/09/05 08:14:59

	ok, my mistake.

> And, as stated earlier, adding a device to the i386 floppy install
> kernel - especially the TINY ones WILL make them exceed their size limits.

% pwd
/usr/home/itojun/NetBSD/src/sys.1/arch/i386/compile/INSTALL_TINY
% ls -l net*
-rwxr-xr-x  1 itojun  itojun  2872912 Sep  5 19:06 netbsd.nornd
-rwxr-xr-x  1 itojun  itojun  2881415 Sep  5 19:05 netbsd.withrnd
% gzip -9 netbsd.nornd
% gzip -9 netbsd.withrnd
% ls -l net*
-rwxr-xr-x  1 itojun  itojun  619246 Sep  5 19:06 netbsd.nornd.gz
-rwxr-xr-x  1 itojun  itojun  623277 Sep  5 19:05 netbsd.withrnd.gz

	4K increase after gzip.  do we have room for this?

> I also think that the rnd(4) stuff is inappropriate.
> A straightforward, cryptographically secure, random sequence generator
> could be used - and wouldn't keep running out of entropy.
> The only difficulty is getting enough randomness at the start.

	what do you suggest then?  prepare a special libcrypt which does not
	use rnd(4) just for installation floppy?

itojun