/*	$NetBSD: msg.entropy.en,v 1.4 2022/04/21 17:30:15 martin Exp $	*/

/*
 * Copyright (c) 2020 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

message Configure_entropy	{Set up entropy}

message continue_without_entropy	{Not now, continue!}

message not_enough_entropy
{This system seems to lack a cryptographically strong pseudo random
number generator. There is not enough entropy available to create secure
keys (e.g. ssh host keys).

If you plan to use this installation for production work and will
for example have ssh host keys generated, we strongly advise you to
complete the entropy setup now!

You may use random data generated on another computer and load it
here, or you could enter random characters manually.

If you have a USB random number device, connect it now and select
the "Re-test" option.}

message entropy_add_manually		{Manually input random characters}
message entropy_download_raw		{Load raw binary random data}
message entropy_download_seed		{Import a NetBSD entropy file}
message entropy_retry			{Re-test}

message entropy_enter_manual1
{Enter one line of random characters.}

message entropy_enter_manual2
{They should contain at least 256 bits of randomness, as in 256 coin
tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
(if you are able to copy & paste output from another machine into this
installer) the output from running the following command on another
machine whose randomness you trust:}

message entropy_enter_manual3
{A line of any length and content will be accepted and assumed to
contain at least 256 bits of randomness.  If it actually contains
less, the installed system may not be secure.}

message entropy_select_file
{Please select how you want to transfer the random data file
to this machine:}

message entropy_add_download_ftp
{Download via ftp}

message entropy_add_download_http
{Download via http}

message download_entropy
{Start download}

message entropy_add_nfs
{Load from an NFS share}

message entropy_add_local
{Load from a local file system (e.g. a USB device)}

message entropy_file
{Path/file}

message load_entropy
{Load random data}

message set_entropy_file
{Random data file path}

/* Called with:				Example
 *  $0 = content of file		NetBSD entropy seed file
 */
message entropy_via_nfs
{Select a server, a share and the file path to load the $0.}

/* Called with:				Example
 *  $0 = content of file		NetBSD entropy seed file
 */
message entropy_via_download
{Since not enough entropy is available on this system, all cryptographic
operations are susceptible to replay attacks.
Please only use trustworthy local networks.}

message entropy_data
{random data binary file}

message entropy_data_hdr
{On a system with a cryptographically strong pseudo random number generator
you can create a file with random binary data like this:}

message entropy_seed
{NetBSD entropy seed file}

message entropy_seed_hdr
{On a NetBSD system with a cryptographically strong pseudo random number
generator you can create an entropy snapshot like this:}

message entropy_path_and_file
{Path and filename}

message entropy_localfs
{Enter the unmounted local device and directory on that device where
the random data is located.}