Date: Tue, 1 Mar 2005 00:02:51 -0800 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Kris Kennaway" <kris@obsecurity.org> Cc: FreeBSD questions <freebsd-questions@freebsd.org> Subject: RE: /dev/io , /dev/mem : only used by Xorg? Message-ID: <LOBBIFDAGNMAMLGJJCKNAEJGFAAA.tedm@toybox.placo.com> In-Reply-To: <20050228200706.GA70059@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
owner-freebsd-questions@freebsd.org wrote: > On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote: > >> Actually, recompiling openssl to use a prng daemon instead of the >> random device will probably improve your ssh security - unless they >> have greatly improved the entropy generation in the random device in >> 5.X > > Yes. It seems that you really need to learn about FreeBSD 5.x and > how it differs from 4.x. > Do I hear an echo here? Did you miss the part where I said "UNLESS they have greatly improved..." The description of the "all new" randomizer in FreeBSD 5.X is all very well but I have not got around to run a test suite against it. So until such time as I do, I am not going to assume that it really is better. There's a big gap between implementation and architecture. As I only care to make my stuff crackable by 500 clustered supercomputers working for 1 year, instead of 2000 supercomputers working for 100 years, I really and truly have had better things to do than test the new randomizer. I presume that you are in the same boat Ken, as you have not admitted to testing it either. If this is the case, perhaps the wise thing to do would be to actually test it, rather than just taking the word of the manpage in 5.x that it is better? Eh? Ted
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNAEJGFAAA.tedm>