tech-kern archive


Re: cprng sysctl: WARNING pseudorandom rekeying.



On Sat, 10 Nov 2012, Iain Hibbert wrote:

> On Sat, 10 Nov 2012, Robert Elz wrote:
>
> >     Date:        Fri, 9 Nov 2012 19:34:05 -0500
> >     From:        Thor Lancelot Simon <tls%panix.com@localhost>
> >     Message-ID:  <20121110003405.GA4502%panix.com@localhost>
> >
> >   | No, the cprng named "kernel" is used _inside_ the kernel.
> >
> > It hadn't occurred to me before that that name is significant.
>
> me neither
>
> The first one I get, is the "sysctl" one. It is produced during the
> /etc/rc.d/sysdb script, probably by the dev_mkdb program (which uses cdb,
> probably using arc4random which uses sysctl to load random data?)
>
> Since I have not updated my boot.cfg but random_seed=YES in the
> /etc/defaults/rc.conf file, I guess the entropy file *is* being loaded,
> but after it is required..

Well, strange.. I added "sysdb" to the random_seed BEFORE: line, and
indeed get a message that the entropy file was loaded before the sysdb
script runs..

but I still get the "sysctl" message during the sysdb script run.

> > When I get two messages after a boot (which looks like it might be
> > every time), one of them says "kernel" (seems to be the later one)
> > and the other (the one soonest after a boot) says "sysctl".
>
> The second one I get is the "kernel" one, and this is produced during a
> fetchmail run after I have logged in. I don't know why that would use
> kernel entropy.. perhaps picking a random port number?  Also, that is
> *after* the entropy file was loaded.. is that not enough for the kernel?

apparently not. I did some compilation, to hopefully generate a bit of
entropy, then rebooted. I saw the "Loaded entropy file" message during the
boot process, then logged in and

root# rndctl -s
             7073 bits mixed into pool
             4096 bits currently stored in pool (max 4096)
             2173 bits of entropy discarded due to full pool
              804 hard-random bits generated
            20156 pseudo-random bits generated

plunky% fetchmail

console> cprng kernel: WARNING pseudorandom rekeying.

root# rndctl -s
             7520 bits mixed into pool
             4096 bits currently stored in pool (max 4096)
             2364 bits of entropy discarded due to full pool
             1060 hard-random bits generated
            20156 pseudo-random bits generated

..why is my kernel complaining?

regards,
iain

