Re: Random source seeding and /etc/rc.d/sshd host key generation

From: Brooks Davis (brooks_at_one-eyed-alien.net)
Date: 03/29/05

    Date: Mon, 28 Mar 2005 14:08:27 -0800
    To: Ed Maste <emaste@phaedrus.sandvine.ca>

    On Mon, Mar 28, 2005 at 05:00:22PM -0500, Ed Maste wrote:
    > In /etc/rc.d/sshd, user_reseed() does
    >
    > seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
    > if [ "${seeded}" != "" ] ; then
    > warn "Setting entropy source to blocking mode."
    > echo "===================================================="
    > echo "Type a full screenful of random junk to unblock"
    > ...
    >
    > I'm curious if checking the seeded sysctl against "" is intentional;
    > it seems $seeded will always be non-null. Since user_reseed only
    > gets called if the host keys don't exist it probably won't be much
    > of an issue in practice, but it seems random junk will be requested
    > on the first boot even if the entropy source is already seeded.

    I believe the goal of the script is to not trust the system entropy this
    time (since it's almost certainly junk). I think the check is just to
    avoid this code if the sysctl doesn't exist.

    -- Brooks

    -- 
    Any statement of the form "X is the one, true Y" is FALSE.
    PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
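An added illustration (not code from /etc/rc.d/sshd or from either poster) contrasting the test as written, which fires whenever the sysctl exists, with the by-value test the question expected, which fires only when the kernel reports the pool as unseeded. The sysctl output is passed in as an argument so the logic runs without a FreeBSD kernel; on a real host it would come from `sysctl -n kern.random.sys.seeded 2>/dev/null`.

```shell
#!/bin/sh
# Example only: models the check discussed on the list, not the script itself.

# as_written: the quoted test. Returns 0 (true, "prompt for random junk")
# for any non-empty output, i.e. whenever the sysctl exists, regardless of
# whether it reported 0 or 1.
as_written() {
    seeded=$1
    [ "${seeded}" != "" ]
}

# by_value: the reading the original poster expected. Returns 0 only when
# the kernel explicitly reports the pool as not yet seeded. A missing sysctl
# (empty output) is skipped, matching the "avoid this code" intent.
by_value() {
    [ "$1" = "0" ]
}

# describe: name the three distinguishable states for a log line.
describe() {
    case "$1" in
        "") echo "sysctl-missing" ;;
        0)  echo "unseeded" ;;
        1)  echo "seeded" ;;
        *)  echo "unexpected:$1" ;;
    esac
}

# Walk the three cases and show which test would prompt for each.
for out in "" 0 1; do
    state=$(describe "$out")
    if as_written "$out"; then w=prompt; else w=skip; fi
    if by_value "$out"; then v=prompt; else v=skip; fi
    printf '%-15s as_written=%s by_value=%s\n' "$state" "$w" "$v"
done
```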