From owner-freebsd-security@FreeBSD.ORG Fri Sep 14 19:14:26 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73259106575A; Fri, 14 Sep 2012 19:14:26 +0000 (UTC) (envelope-from benlaurie@gmail.com) Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id B8D738FC08; Fri, 14 Sep 2012 19:14:25 +0000 (UTC) Received: by vbmv11 with SMTP id v11so6733733vbm.13 for ; Fri, 14 Sep 2012 12:14:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=0cHvNDoOdIuyhg5oqj7aB0SQOajPxgsA8Zz0x5t7Q7E=; b=uyaNjzB6HtnNsCrovduVvahehGPZL9Y6vUGvGGCVznaDGX49R2NFci68uDpSvEDZel EPqMUkz7WMiqEOsDCaN+ddqcQpE6Ox9jQX/bUmvihjsk/Aikp9OAusHCDHClzvMMzq64 /5gmVXHB4JqoR8r1L7ZKpthsonma8qvEa2fdGKaR/tw1tjaYFogIwW2OPKk8hJa2J18F fZln4y/WIfPjWUwx+pkxse34cPiBo1gzGmnbviy106ZkASreia7fPaLIfZ2lrMpEdpbq 1wCH5J4IXRTDKnVk25VYb9gGGBVu5URpH2SVSzWwz1fEYL7xg2lNVy9/KbRfm9bT3AEM ArZA== MIME-Version: 1.0 Received: by 10.52.38.40 with SMTP id d8mr92313vdk.67.1347650064550; Fri, 14 Sep 2012 12:14:24 -0700 (PDT) Sender: benlaurie@gmail.com Received: by 10.58.79.243 with HTTP; Fri, 14 Sep 2012 12:14:24 -0700 (PDT) In-Reply-To: References: <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org> Date: Fri, 14 Sep 2012 20:14:24 +0100 X-Google-Sender-Auth: AHtdGOfVpUbq263RBQCLHIhmJLY Message-ID: From: Ben Laurie To: Mark Murray , Mark Murray Content-Type: text/plain; charset=ISO-8859-1 Cc: Arthur Mesh , Ian Lepore , Doug Barton , freebsd-security@freebsd.org, RW , "Bjoern A. Zeeb" Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Sep 2012 19:14:26 -0000 On Fri, Sep 14, 2012 at 8:06 PM, Mark Murray wrote: > Ben Laurie writes: >> > I'll send patches (untested) in a couple of hours for discussion. >> >> I used to like this idea, but it can break pretty badly if you repeat >> input, so in the end I decided hashes were the only safe way. > > What??! Have you seen how Yarrow does its harvesting?? If you XOR into the as-yet-unharvested buffer, then appropriately aligned repeated input makes the buffer zero. > > Presupposing there is no other source of randomness to get swamped out of the way, > > $ cat /dev/zero > /dev/random # pretend that /dev/zero is finite length. > > ... is harmless, and actually adds a small bit of perturbation to the entropy. > > Please explain how repeating input can "break" things here? > > M > -- > Mark R V Murray > Pi: 132511160 >