Source-Changes-HG archive


[src/trunk]: src/sbin/rndctl Clarify security model of rndctl -S files.



details:   https://anonhg.NetBSD.org/src/rev/43331dc5f742
branches:  trunk
changeset: 961017:43331dc5f742
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Tue Apr 06 12:32:39 2021 +0000

description:
Clarify security model of rndctl -S files.

diffstat:

 sbin/rndctl/rndctl.8 |  17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)

diffs (34 lines):

diff -r a7d79fed993e -r 43331dc5f742 sbin/rndctl/rndctl.8
--- a/sbin/rndctl/rndctl.8      Tue Apr 06 12:10:21 2021 +0000
+++ b/sbin/rndctl/rndctl.8      Tue Apr 06 12:32:39 2021 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: rndctl.8,v 1.27 2021/04/02 07:04:05 nia Exp $
+.\"    $NetBSD: rndctl.8,v 1.28 2021/04/06 12:32:39 riastradh Exp $
 .\"
 .\" Copyright (c) 1997 Michael Graff
 .\" All rights reserved.
@@ -105,11 +105,22 @@
 .Ar devname
 specified.
 .It Fl S
-Save entropy pool to file
-.Ar save-file .
+Save entropy to file
+.Ar save-file
+for later use with
+.Cm "rndctl -L" .
+.Pp
 The file format is specific to
 .Nm
 and includes an estimate of the amount of saved entropy and a checksum.
+The prior internal state of the system entropy pool cannot be recovered
+from
+.Ar save-file ,
+so disclosure of
+.Ar save-file
+does not compromise past secrets drawn from
+.Pa /dev/urandom
+or equivalent.
 .It Fl s
 Display statistics on the current state of the entropy pool.
 .It Fl t
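
Review bot: The new paragraph under ".It Fl S" covers only one direction of the security model: it says disclosure of save-file does not compromise past secrets, but not what disclosure means for output drawn after the file is loaded with "rndctl -L". A reader could take the sentence to mean the file is not sensitive at all. Consider adding a sentence that says whether save-file must still be kept confidential, and what happens if the same file is loaded more than once. Separately, "or equivalent" after ".Pa /dev/urandom" is vague; naming the interfaces meant would make the guarantee checkable.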


