On Thu, Dec 23, 2010 at 10:43:49AM +0100, olli hauer wrote:
> On 2010-12-23 09:44, Clint Pachl wrote:
> > Salvador Fandiño wrote:
> >> On 12/23/2010 06:39 AM, Marsh Ray wrote:
> >>> On 12/22/2010 03:49 PM, Clint Pachl wrote:
> >>>> Salvador Fandiño wrote:
> >>>>>
> >>>>> Could a random seed be patched into the kernel image at installation
> >>>>> time? Admittedly this is not entropy, this is just a secret key and
> >>>>> anyone with access to the machine would be able to read it,
> >>>
> >>> How is it different than any other installation file then?
> >>
> >> because it is accessible *before* any filesystem is mounted, from
> >> second 0 of the boot process.
> >>
> > This reminds me of something.
> >
> > The last time I installed FreeBSD about 5 years ago, it asked me to
> > pound on the keyboard for like 60 seconds during installation (or at
> > first boot, can't remember) in order to build up some "randomness". I
> > wonder what kind of entropy that provided?
> >
>
> It was only the first time sshd starts to generate enough entropy for the
> ssh-key generation.
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/sshd?rev=1.14;content-type=text%2Fplain
In our case, the aim is to use the entropy collected during install by the
various entropy sources (tty, disk io, network io and more) to generate a
random seed that's being saved to disk, so the first real boot is able to
stir the random pool with that and have enough entropy to generate good
hostkeys.

-Otto
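The save-at-install, stir-at-first-boot lifecycle Otto describes, as an added POSIX sh example (not the OpenBSD rc code discussed in this thread): the seed file is written owner-readable only, fed into the pool once at boot, and replaced immediately so the same bytes are never fed twice. SEED_SIZE, the function names and the /dev/urandom defaults are assumptions, not values from the thread.

```shell
# Added example, not the OpenBSD rc code discussed in the thread.
# save_seed: capture SEED_SIZE bytes from the running kernel's pool into
#            a seed file (run late in the installer or at shutdown).
# stir_seed: feed that file into the pool early at boot, then replace it
#            at once so the same bytes are never fed twice.
# The seed is a secret, not entropy: anyone who can read the file can
# predict what was stirred in, so it is written owner-readable only.

SEED_SIZE=512                          # bytes; assumed value
POOL_SRC=${POOL_SRC:-/dev/urandom}     # where fresh bytes are read from
POOL_SINK=${POOL_SINK:-/dev/urandom}   # where the seed is written to
# (both default to /dev/urandom, an assumption for Linux/BSD hosts;
#  pointing them at plain files lets the script be exercised offline)

file_size() { wc -c < "$1" | tr -d ' '; }

# save_seed SEED_FILE
save_seed() {
    seed=$1
    tmp="$seed.tmp.$$"
    # Subshell so the restrictive umask does not leak into the caller.
    ( umask 077 && dd if="$POOL_SRC" of="$tmp" bs="$SEED_SIZE" count=1 2>/dev/null ) \
        || { rm -f "$tmp"; return 1; }
    # Refuse to keep a short read: a partial seed is worse than none.
    [ "$(file_size "$tmp")" -eq "$SEED_SIZE" ] || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$seed"               # atomic replace, never a half-written seed
}

# stir_seed SEED_FILE
# Returns 1 without touching the pool when the seed is missing, unreadable
# or the wrong size, so the caller can fall back to waiting for the real
# entropy sources (tty, disk and network activity).
stir_seed() {
    seed=$1
    [ -r "$seed" ] || return 1
    [ "$(file_size "$seed")" -eq "$SEED_SIZE" ] || return 1
    cat "$seed" >> "$POOL_SINK" || return 1
    # Consume the seed: overwrite it with fresh output from the pool that
    # was just stirred, so a crash or reboot cannot replay the same bytes.
    save_seed "$seed"
}
```

For the scheme to help hostkey generation, stir_seed has to run before sshd starts, which means the seed file must live on a filesystem that is already mounted at that point in the rc sequence.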