2

Years ago, I could manually seed the random number generator in FreeBSD by setting:

sysctl -w kern.random.sys.seeded=0

... and then if I deleted my SSH keys (on purpose) and restarted sshd, I would be forced to mash my keyboard for a page or two in order to seed the RNG. Then sshd would create new ssh keys based on that seed.

This is no longer possible - that sysctl no longer exists and sshd happily makes new keys every time I wipe the existing ones out.

I am not suggesting manually seeding the RNG is more secure - it's possible worse - but I am asking why it is no longer possible to do this, or, if it is, how I can do this in 2019 (FreeBSD 12).

Dave M
  • 4,494
  • 21
  • 30
  • 30
user227963
  • 199
  • 1
  • 2
  • 11

1 Answers1

1

I'm not an expert in this field, but AFAIK FreeBSD maintains a single pool of entropy and seeds it with random data coming from various sources - CPU, network interfaces, mouse and keyboard input, etc.

So, to "seed" it you can just "mash your keyboard" right away, and randomness will be added to the pool.

Somewhat relevant question: https://crypto.stackexchange.com/questions/56390/seeding-the-fortuna-prng-for-the-first-time

arrowd
  • 319
  • 1
  • 8