WARNING: pseudo-random number generator used for IPsec processing



  • I get this on my pfSense 2.0 console screen whenever it first makes an IPsec connection:

    WARNING: pseudo-random number generator used for IPsec processing

    Should I be concerned about it, or is it just largely cosmetic?

    I am using the 2.0-RC1 (i386) built on Mon Mar 28 16:37:49 EDT 2011 snapshot, but I have been seeing this for a month or so now with previous snapshots.

    Darkk



  • You've always been seeing that; it's been around in FreeBSD for as long as IPsec has, over a decade. You don't have a true random number generator, so your IPsec may be weaker than if you had one. In practice, ignore it; nobody is going to go to the extent of attempting to crack that for what you have on your network (there are much easier and cheaper ways to get it).


  • Rebel Alliance Developer Netgate

    And the obligatory XKCD on the topic…

    http://xkcd.com/538/

