author Jouni Malinen <jouni.malinen@atheros.com> 2011-05-31 17:07:11 (GMT)
committer Jouni Malinen <j@w1.fi> 2011-05-31 17:07:11 (GMT)
commit 38e24575c18b02a2f8bf7ea38b937ad010682872
tree 46df39222d7603aa5d9c14fea6fe05d8a9c6487a /hostapd/defconfig
parent ceb34f250af7a7082f18c1e0451dc7fbc0f000f3
random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new command line parameter, -e, can now be used to specify an entropy file that will be used to maintain the needed state.
Diffstat (limited to 'hostapd/defconfig')
1 files changed, 8 insertions, 2 deletions
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 38d3284..26be2a8 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -193,9 +193,15 @@ CONFIG_IPV6=y
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
-# generatior or by storing state over device reboots.
+# generator or by storing state over device reboots.
-# If the os_get_random() is known to provide strong ramdom data (e.g., on
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
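Review bot: The added sentence "The specified file needs to be readable and writable by hostapd." states the minimum access but not the maximum, and the entropy file holds state that seeds later random numbers, so the comment should also say that no other user may read or write it (for example, owned by the hostapd user with mode 0600). It would also help to say what happens on the first start, when the file does not yet exist or is empty, since the commit message implies the first two 4-way handshakes are still rejected in that case. Minor wording: "with -e<entropy file> command line option" is missing "the" before "-e", and because -e is a runtime option rather than a build option, this paragraph in defconfig should point to wherever the command line options are documented.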