[147990] in cryptography@c2.net mail archive
Re: [Cryptography] initializing kernel PRNG much much sooner on
daemon@ATHENA.MIT.EDU (Yaron Sheffer)
Mon Nov 4 12:30:45 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 04 Nov 2013 08:42:21 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: John Denker <jsd@av8n.com>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
RNG mlist <rng@lists.bitrot.info>
In-Reply-To: <5276F0AE.3040406@av8n.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
>
> I took a stab at translating the thing.
> http://www.av8n.com/cgit/cgit.cgi/init-urandom/
>
> This is first-draft code that has been thought about for maybe 5 minutes
> total, but it's better than nothing. It seeds the PRNG much, much sooner.
> It makes the ssh server dependent on the "urandom" event (although this
> is now in the category of belt-and-suspenders).
>
> I am under no illusions that the seed file is getting loaded early /enough/
> in absolute terms. It is, however, a whole lot earlier in relative terms.
> The new data is tabulated here, along with more discussion:
> http://www.av8n.com/computer/htm/secure-prng.htm#sec-discuss
>
> Comments? Suggestions? Better ideas?
>
You write: "The device might have a fixed address, or some other reason
for not doing DHCP at all."
A fixed address does not preclude requesting other parameters by using
DHCP. This is commonly done, with the DHCPINFORM message:
http://tools.ietf.org/html/rfc2131#section-3.4
Thanks,
Yaron
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography