From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 21:04:45 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 44F96106566B; Tue, 11 Sep 2012 21:04:45 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) by mx1.freebsd.org (Postfix) with ESMTP id 1E8D68FC08; Tue, 11 Sep 2012 21:04:44 +0000 (UTC) Received: from epsilon.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id B42BE1EBB7; Tue, 11 Sep 2012 14:04:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1347397484; bh=mhO0dFjCC9N6eJ4ohzIUyXX0OCPschn1TilV0NQd2MQ=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=LcAzO0+mGmqNrUuQ1Hl0eJKFnUUPgdXfqQXnCF6yW87fdyVRCO37NXlgG43fV8kqA ljIXwb+R2VQOzFDC8Ee2QibnIcASeZWNrI4KqMVRd9/OJNz3h0OZccmmRCUVdK4eB/ oDrNEbvcmtAlqCiHVlRx7wDthBoEuPju6V8sQcrw= Message-ID: <504FA76A.5000209@delphij.net> Date: Tue, 11 Sep 2012 14:04:42 -0700 From: Xin Li Organization: The freeBSD Project User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.7) Gecko/20120830 Thunderbird/10.0.7 MIME-Version: 1.0 To: obrien@freebsd.org References: <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> In-Reply-To: <20120911200925.GA88456@dragon.NUXI.org> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , =?UTF-8?B?bGluZyDvv70=?= , =?UTF-8?B?RGFnLUVy?= Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 21:04:45 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/11/12 13:09, David O'Brien wrote: > On Tue, Sep 11, 2012 at 08:53:02PM +0100, RW wrote: >> On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Sm�rgrav wrote: >>> so none of it is discarded. My gut feeling is that compression >>> is better than hashing for that purpose, >> >> It's analogous to a passphrase, have you ever heard of a >> passphrase being compressed rather than hashed? >> >> The only good reason for compression is if compression+hashing >> is faster than hashing, and that sounds unlikely. > > Good to see someone have thoughts on this. I've only seen it stated > that entropy passes thru mostly "untouched" thru a cryptographic > hash in the literature. I haven't seen anything mentioned about > entropy thru a compression algorithm other than as an estimation of > entropy. I believe the cryptographic hash used here is to utilize the "Avalanche Effect" so that one bit worth of change would result in a big difference in the final output. Note that, just by hashing does not increase the possible states of the RNG, though, let's say if we have only 256 possible inputs, we get only 256 possible output series regardless how many bits are there in the hash output (assuming the output is wider than 8 bits). So if I was to implement the low grade part I'd remove the variable names from the sysctl output at minimum. This gives more entropy regardless if we use compression or not. >> You all seem to be making very heavy weather of this - all that's >> needed is to pass the low-grade stuff through a hash of your >> choice and then follow that with the entropy file to fill-up the >> remaining 4k. > > Or fill-up the 4k buffers with high-quality entropy, and add in > the low-grade stuff if there is room. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJQT6dqAAoJEG80Jeu8UPuzIcEIALzoFeMyq1A7YcISA5n7sfuh OgEsx3x0CoDDbFbzpQXwxQb7bnMOZL19Ee2gCAJYtaatOVpwiIlpb223Wsh2vSYj xBgUmZtZQUf8jNtsoC/ywUKzxfsmdHMqrMEW6e5QMioC416ry2mOSzSYQ3NNzegy dgclFcFPaw9WJW3e4+6gi83HLBBH0wn6xOdlIA6VyUXANxG4QT7CiRMJR0anx9RA Ij6PRL4c2HMrlgChv2fwSUpsxKvm0IU4WPQBGVqzMJtjkrxjd76HVLnSKIIOPKzK ZUxFich/xZaMqYAb+JL+mJ8zu9uB51eLqs+2qUzFx722FT3XyBTUq3jI3MSMlRo= =4r/6 -----END PGP SIGNATURE-----