On 12/22/2010 01:46 AM, Theo de Raadt wrote:
quoted text
>> 2010/12/21 Theo de Raadt<deraadt@cvs.openbsd.org>:
>>> HANG ON.
>>>
>>> Go look at the function random_seed() in /usr/src/etc/rc
>>> Then look at when it is called.
>>
>> so, the current state of the PRNG will be preserved during reboots.
>
> That statement is false.
>
>> Good.
>
> No.  You misread the code.
>
>> That gives some information about system entropy, which will be
>> "good" at all times, except for the very first boot of an
>> installation. See : rnd.c: randomwrite() ->  add_entropy_words();
>
> That part is true.  But what you said earlier is false.
>
>> However, arc4_stir will still be called once after every reboot.
>> During its first call, the value of nanotime() will be placed at the
>> beginning of buf, which is then beeing used to init the rc4 context.
>
> What else do you think we should use?  Where do we invent entropy from
> when the kernel has only been running for 0.01 of a second?

Could a random seed be patched into the kernel image at installation time?

Admittedly this is not entropy, this is a just secret key and anyone 
with access to the machine would be able to read it, but from the 
outside, specially considered that machines are not rebooted so often 
(and when they are, it is usually for updating them), it would look like 
real random data.

- Salva