> > That works with what I already have: cat $privatekey > /dev/random :-)
>
> Yes. But the /dev/random device is traditionally crw-r--r-- which
> means user processes can't write to it. So you'd have to be root to
> do that.
I go one further; at close, I do an explicit reseed, and I make sure
that it is root doing the writing.
> What could be done for yarrow is to change the device permissions to
> crw-rw-rw- and mix into a shared user source and set k_of_n_thresh so
> that the user can only trigger fast reseeds, and consider slow reseed
> de-skewing function output for blocking /dev/random; or just add user
> input with an entropy estimate of 0 so they can't affect reseeding,
> and draw fast reseed de-skewing function output for block /dev/random
> (slow output may be too slow).
The estimate for "user" (really root) input is currently 0, except
that I tie it to explicit (fast) reseeds. It shouldn't be a problem to
tie it to a trickle-feed, and allow that to do fast-only reseeds after
considerable lengths of time.
M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
