FreeBSD Security Advisory (FreeBSD-SA-08:11.arc4random)


arc4random(9) is a generic-purpose random number generator based on the key stream generator of the RC4 cipher. It is expected to be cryptographically strong, and used throughout the FreeBSD kernel for a variety of purposes, some of which rely on its cryptographic strength.

arc4random(9) is periodically reseeded with entropy from the FreeBSD kernel’s Yarrow random number generator, which gathers entropy from a variety of sources including hardware interrupts. During the boot process, additional entropy is provided to the Yarrow random number generator from userland, helping to ensure that adequate entropy is present for cryptographic purposes.

Problem description

When the arc4random(9) random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random(9); and it may take up to 5 minutes before arc4random(9) is reseeded with secure entropy from the Yarrow random number generator.

Read further to find out about the impact, solution and workaround

Putting Beastie back in the boot menu (howto)

If you’ve used FreeBSD in the past you’re likely familiar with the mascot, Beastie.  In the past Beastie was part of the boot menu, but recently he was replaced with a simple FREEBSD text image.  To put Beastie back in the menu you can add the following to your /boot/loader.conf:


Source: (21/10/2008)

Speed up installing from ports (howto)

There is a port under ports-mgmt called fastest_sites. This the MASTER_SITE definitions depending on the round-trip time for the tcp connections. The results are sorted by fastest response time and in a format suitable for Makefile.

# cd /usr/ports/ports-mgmt/fastest_sites

# make install

Now let’s generate the sorted list of master sites:

# fastest_sites > /usr/local/etc/ports_sites.conf &

This step may take some time as quite a number of sites have to be checked. In the meantime you can add the following line to /etc/make.conf:

.include "/usr/local/etc/ports_sites.conf"

From: Originally published by the writer of this python script on