From owner-freebsd-security@FreeBSD.ORG Tue Sep 11 21:27:35 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7BACF1065670; Tue, 11 Sep 2012 21:27:35 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id 95FB08FC15; Tue, 11 Sep 2012 21:27:34 +0000 (UTC) Received: by eaak11 with SMTP id k11so538706eaa.13 for ; Tue, 11 Sep 2012 14:27:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=KWwqnoeed/3f4M/d5Hs6An/uJw67fZeKrNGEOtGR5T8=; b=udIlk+rURWv4uIj57Zhyro3JZD9hkBldpzGFkdKjMCPCjPK7HP3irrS97gH7eb8/SI VdxBPevpUuT3TPGyJTatSpg1+f35mKua8Ily27jz5ShauZ0HVBTSF86czOQsudGx3Qt2 25E3wK7LFXKX1bUYed7Wtsr1DqoUawaOERy7uAFERfhBvuzeb6n20QyhjJ96ulcMIV3f NXRjPevWH+bZ1K7/hWoKeX409deFslWjVdJE/2Mx1J5dzKyIvNpJACXYrb8lmBUj3Bvw pIVY2OyORkgQjF6S0NIvEgJkocRAKfb6O3jUkd9RBb2z/qfPnb0j95hgDMwjVbtwH6xa YCHg== Received: by 10.14.203.69 with SMTP id e45mr27814779eeo.23.1347398853515; Tue, 11 Sep 2012 14:27:33 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id e7sm50543804eep.2.2012.09.11.14.27.31 (version=SSLv3 cipher=OTHER); Tue, 11 Sep 2012 14:27:32 -0700 (PDT) Date: Tue, 11 Sep 2012 22:27:30 +0100 From: RW To: d@delphij.net Message-ID: <20120911222730.7f92325e@gumby.homeunix.com> In-Reply-To: <504FA511.8050904@delphij.net> References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <504FA511.8050904@delphij.net> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: Arthur Mesh , Ian Lepore , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= , delphij@delphij.net Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 21:27:35 -0000 On Tue, 11 Sep 2012 13:54:41 -0700 Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 >=20 > On 09/11/12 12:53, RW wrote: > > On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Sm=F8rgrav wrote: > >=20 > >> Doug Barton writes: > >>> 1. Pseudo-randomize the order in which we utilize the files in=20 > >>> /var/db/entropy > >>=20 > >> There's no need for randomization if we make sure that *all* the > >> data written to /dev/random is used, rather than just the first > >> 4096 bytes; or that we reduce the amount of data to 4096 bytes > >> before we write it so none of it is discarded. My gut feeling is > >> that compression is better than hashing for that purpose, > >=20 > > It's analogous to a passphrase, have you ever heard of a passphrase > > being compressed rather than hashed? >=20 > Passphrase hashing is a completely different topic, as what we wanted > is a one-way function that can not be easily reversed, even when part > of the passphrase is known. I was refering to the conversion of a passphrase to key material=20