Date: Thu, 6 Sep 2012 06:59:19 +1000
From: Peter Jeremy
To: Doug Barton
Cc: freebsd-security@freebsd.org, freebsd-rc@freebsd.org
Subject: Re: svn commit: r239598 - head/etc/rc.d
Message-ID: <20120905205919.GD2654@aspire.rulingia.com>
In-Reply-To: <504687E1.3060203@FreeBSD.org>

On 2012-Sep-04 15:59:45 -0700, Doug Barton wrote:
>I'm not sure I agree with that, since the combination of lower quality
>input (the boilerplate) and higher quality (changing numbers) still
>provides more bits to stir the pool with. Even though the average
>quality is lower over the total number of bits I still think it's
>probably more valuable to pump in the higher quantity given the internal
>chewing that Yarrow does with the bits.

I don't understand the point of feeding boilerplate into Yarrow. Yes,
it will stir Yarrow's internal state but it does so in a predictable
way so it doesn't add any entropy.

On the downside, it doesn't appear to be possible to queue more than
4KB of input every 100msec - excess input is just discarded. This
implies that feeding boilerplate into /dev/random just increases the
probability that real entropy will be discarded.

-- 
Peter Jeremy