/* $NetBSD: msg.entropy.pl,v 1.5 2022/04/21 17:30:15 martin Exp $ */

/*
 * Copyright (c) 2020 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

message Configure_entropy {Set up entropy}

message continue_without_entropy {Not now, continue!}

message not_enough_entropy
{This system seems to lack a cryptographically strong pseudo random
number generator. There is not enough entropy available to create secure
keys (e.g. ssh host keys).

If you plan to use this installation for production work and will
for example have ssh host keys generated, we strongly advise to complete
the entropy setup now!

You may use random data generated on another computer and load it
here, or you could enter random characters manually.

If you have a USB random number device, connect it now and select
the "Re-test" option.}

message entropy_add_manually {Manually input random characters}
message entropy_download_raw {Load raw binary random data}
message entropy_download_seed {Import a NetBSD entropy file}
message entropy_retry {Re-test}

message entropy_enter_manual1
{Enter one line of random characters.}

message entropy_enter_manual2
{They should contain at least 256 bits of randomness, as in 256 coin
tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
(if you are able to copy & paste output from another machine into this
installer) the output from running the following command on another
machine whose randomness you trust:}

message entropy_enter_manual3
{A line of any length and content will be accepted and assumed to
contain at least 256 bits of randomness. If it actually contains
less, the installed system may not be secure.}

message entropy_select_file
{Please select how you want to transfer the random data file
to this machine:}

message entropy_add_download_ftp
{Download via ftp}

message entropy_add_download_http
{Download via http}

message download_entropy
{Start download}

message entropy_add_nfs
{Load from a NFS share}

message entropy_add_local
{Load from a local file system (e.g. a USB device)}

message entropy_file
{Path/file}

message load_entropy
{Load random data}

message set_entropy_file
{Random data file path}

/* Called with:                 Example
 *  $0 = content of file        NetBSD entropy seed file
 */
message entropy_via_nfs
{Select a server, a share and the file path to load the $0.}

/* Called with:                 Example
 *  $0 = content of file        NetBSD entropy seed file
 */
message entropy_via_download
{Since not enough entropy is available on this system, all cryptographic
operations are susceptible to replay attacks.
Please only use trustworthy local networks.}

message entropy_data
{random data binary file}

message entropy_data_hdr
{On a system with cryptographically strong pseudo random number generator
you can create a file with random binary data like this:}

message entropy_seed
{NetBSD entropy seed file}

message entropy_seed_hdr
{On a NetBSD system with cryptographically strong pseudo random number
generator you can create an entropy snapshot like this:}

message entropy_path_and_file
{Path and filename}

message entropy_localfs
{Enter the unmounted local device and directory on that device where
the random data is located.}