WARNING: pseudo-random number generator used for IPsec processing

Darkk · Mar 29, 2011, 5:23 AM

I get this on my PfSense 2.0 console screen whenever it first makes a IPsec connection:

Should I be concerned about it or it's just largely cosmetic?

I am using the 2.0-RC1 (i386) built on Mon Mar 28 16:37:49 EDT 2011 snapshot but been seeing this for a month or so now with previous snapshots.

Darkk

cmb · Mar 29, 2011, 6:01 AM

You've always been seeing that, it's been around in FreeBSD for as long as IPsec has, over a decade. You don't have a true random number generator so your IPsec may be weaker than if you had one. In practice, ignore it, nobody is going to go to the extent of attempting to crack that for what you have on your network (there are much easier and cheaper ways to get it).

jimp · Mar 31, 2011, 6:20 PM

And the obligatory XKCD on the topic…

http://xkcd.com/538/