/*	$NetBSD: msg.entropy.en,v 1.4 2022/04/21 17:30:15 martin Exp $	*/

/*
 * Copyright (c) 2020 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

message Configure_entropy	{Set up entropy}

message continue_without_entropy	{Not now, continue!}

message not_enough_entropy
{This system seems to lack a cryptographically strong pseudo random
number generator. There is not enough entropy available to create secure
keys (e.g. ssh host keys).

If you plan to use this installation for production work and will
for example have ssh host keys generated, we strongly advise to complete
the entropy setup now!

You may use random data generated on another computer and load it
here, or you could enter random characters manually.

If you have a USB random number device, connect it now and select
the "Re-test" option.}

message entropy_add_manually		{Manually input random characters}
message entropy_download_raw		{Load raw binary random data}
message entropy_download_seed		{Import a NetBSD entropy file}
message entropy_retry			{Re-test}

message entropy_enter_manual1
{Enter one line of random characters.}

message entropy_enter_manual2
{They should contain at least 256 bits of randomness, as in 256 coin
tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
(if you are able to copy & paste output from another machine into this
installer) the output from running the following command on another
machine whose randomness you trust:}

message entropy_enter_manual3
{A line of any length and content will be accepted and assumed to
contain at least 256 bits of randomness.  If it actually contains
less, the installed system may not be secure.}

message entropy_select_file
{Please select how you want to transfer the random data file
to this machine:}

message entropy_add_download_ftp
{Download via ftp}

message entropy_add_download_http
{Download via http}

message download_entropy
{Start download}

message entropy_add_nfs
{Load from a NFS share}

message entropy_add_local
{Load from a local file system (e.g. a USB device)}

message entropy_file
{Path/file}

message load_entropy
{Load random data}

message set_entropy_file
{Random data file path}

/* Called with:				Example
 *  $0 = content of file		NetBSD entropy seed file
 */
message entropy_via_nfs
{Select a server, a share and the file path to load the $0.}

/* Called with:				Example
 *  $0 = content of file		NetBSD entropy seed file
 */
message entropy_via_download
{Since not enough entropy is available on this system, all cryptographic
operations are susceptible to replay attacks.
Please only use trustworthy local networks.}

message entropy_data
{random data binary file}

message entropy_data_hdr
{On a system with cryptographically strong pseudo random number generator
you can create a file with random binary data like this:}

message entropy_seed
{NetBSD entropy seed file}

message entropy_seed_hdr
{On a NetBSD system with cryptographically strong pseudo random number
generator you can create an entropy snapshot like this:}

message entropy_path_and_file
{Path and filename}

message entropy_localfs
{Enter the unmounted local device and directory on that device where
the random data is located.}