Subject: Re: add rnd(4) to install floppy
To: None <>
From: Jun-ichiro itojun Hagino <>
List: tech-security
Date: 09/06/2003 07:10:10
> In message <>, "Nathan J. Willia
> ms" writes:
> > (Jun-ichiro itojun Hagino) writes:
> >
> >> 	well, then, we should probably put some code into sysinst that warns
> >> 	user like "password entries are created with weak random number, you
> >> 	will not want to configure root password during this installation
> >> 	session" for kernels without rnd(4).
> >
> >This seems totally overwrought. All the random number is used for here
> >is generating a salt, whose goal is to make dictionary attacks on the
> >encrypted password difficult, right? I don't think that requires a
> >top-notch random-number generator.
> I was about to post the same observation.  (The situation will be 
> different if, as itojun suggests, sysinst generates ssh keys, but 
> perhaps that should be done at first boot?)

	there are lots of other stuffs that is using random number source
	(TCP sequence number, ffs_dirpref() as discussed, fragment id, ...). 
	i think we really should add rnd(4) to installation kernel.