From owner-freebsd-security@FreeBSD.ORG  Tue Sep 11 21:34:52 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C9F7B106564A;
	Tue, 11 Sep 2012 21:34:52 +0000 (UTC)
	(envelope-from delphij@delphij.net)
Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212])
	by mx1.freebsd.org (Postfix) with ESMTP id A079B8FC0A;
	Tue, 11 Sep 2012 21:34:52 +0000 (UTC)
Received: from epsilon.delphij.net (drawbridge.ixsystems.com [206.40.55.65])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by anubis.delphij.net (Postfix) with ESMTPSA id B3BA51EE13;
	Tue, 11 Sep 2012 14:34:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis;
	t=1347399292; bh=c0ysX5Sp0CepfJMCHucqPkaos6012Jl4zQvODtMCUAs=;
	h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To;
	b=Mdj7wo+dYWXrqTpe1UFe4KeEcFBOiWv9kEptpIYqGaWlQRMq+EFSrtQaaqbGEkB1M
	CU6pir+2LQy2sDE4ISVa/5MbLOIzEYZQQIiGM36vrSREWNaL7M3AHWtqnMh7TUBdR8
	GC0c6sIelnV3Ws4pfmmf7D3zWQmbOmQLUMzpq3Fw=
Message-ID: <504FAE7A.6070907@delphij.net>
Date: Tue, 11 Sep 2012 14:34:50 -0700
From: Xin Li <delphij@delphij.net>
Organization: The freeBSD Project
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:10.0.7) Gecko/20120830 Thunderbird/10.0.7
MIME-Version: 1.0
To: RW <rwmaillists@googlemail.com>
References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org>
	<50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org>
	<50453686.9090100@FreeBSD.org>
	<20120904220754.GA3643@server.rulingia.com>
	<20120906174247.GB13179@dragon.NUXI.org>
	<20120906230157.5307a21f@gumby.homeunix.com>
	<20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org>
	<20120911061530.GA77399@dragon.NUXI.org>
	<504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no>
	<20120911205302.27484fd6@gumby.homeunix.com>
	<504FA511.8050904@delphij.net>
	<20120911222730.7f92325e@gumby.homeunix.com>
In-Reply-To: <20120911222730.7f92325e@gumby.homeunix.com>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: Arthur Mesh <arthurmesh@gmail.com>,
	Ian Lepore <freebsd@damnhippie.dyndns.org>,
	Doug Barton <dougb@FreeBSD.org>, freebsd-rc@freebsd.org,
	freebsd-security@freebsd.org,
	=?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: d@delphij.net
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2012 21:34:52 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09/11/12 14:27, RW wrote:
> On Tue, 11 Sep 2012 13:54:41 -0700 Xin Li wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> 
>> On 09/11/12 12:53, RW wrote:
>>> On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote:
>>> 
>>>> Doug Barton <dougb@FreeBSD.org> writes:
>>>>> 1. Pseudo-randomize the order in which we utilize the files
>>>>> in /var/db/entropy
>>>> 
>>>> There's no need for randomization if we make sure that *all*
>>>> the data written to /dev/random is used, rather than just the
>>>> first 4096 bytes; or that we reduce the amount of data to
>>>> 4096 bytes before we write it so none of it is discarded.  My
>>>> gut feeling is that compression is better than hashing for
>>>> that purpose,
>>> 
>>> It's analogous to a passphrase, have you ever heard of a
>>> passphrase being compressed rather than hashed?
>> 
>> Passphrase hashing is a completely different topic, as what we
>> wanted is a one-way function that can not be easily reversed,
>> even when part of the passphrase is known.
> 
> I was refering to the conversion of a passphrase to key material

Did you mean the process like, deriving a master AES-128 key from an
arbitrary passphrase?

Cheers,
- -- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJQT656AAoJEG80Jeu8UPuz88kH/2dOUicwPw2yQBF5lFzljkS4
wiQbDaDKdvSFgCyPF3RJB8y91WRiDRLjuhMl84zflyVlXKUnZrf8yD649h8I/jCO
7FcZTorgSdN6BA/6lpEg6bQxhMlROInVcOIiN5uSy2FUcme34qvQXkv8P+toKXZi
vsTahuvHtZdL9rYw44vZcpCyNiPx6NiBAOwPMPHmQHRuxbMlEjKwHz2rJQmnkml+
iXo7UFuF43X5Sw0HWFQzJepwNhUaD1IEWMSg8GIoO3euv2kYtn7CSHd76W39tiCk
qaOBOtX0MN8JNlm/ph8bXaCA8iez63mTwj3ALRE/JkaHa0AF2U9RVJIV1Y8mR/E=
=FVY0
-----END PGP SIGNATURE-----