Date: Mon, 3 Sep 2012 01:31:20 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <20120903013120.262a34fc@gumby.homeunix.com> In-Reply-To: <20120903005708.7082f230@gumby.homeunix.com> References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903005708.7082f230@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Sep 2012 00:57:08 +0100 RW wrote: > On Sun, 02 Sep 2012 15:20:31 -0700 > Doug Barton wrote: > > > On 08/22/2012 11:43, David E. O'Brien wrote: > > > Author: obrien > > > Date: Wed Aug 22 18:43:21 2012 > > > New Revision: 239569 > > > URL: http://svn.freebsd.org/changeset/base/239569 > > > > > > Log: > > > Remove old entropy seeding after consumption > > > initializing /dev/random PRNG. Not doing so opens us up to replay > > > attacks. > > > > I object to this change, and would like to see it discussed more. > > > No entropy file is effectively equivalent to a known file and anything > is better than that. Simply writing out a new version of /entropy > would be better. > > > The more significant problem is that initrandom dumps some very > low-grade entropy into /dev/random before the entropy file (see > below). Since /dev/random has very limited buffering, and processes > the buffers in a timed loop, it's almost certain that the first > entropy file is completely discarded. IMO the order should be > reversed or the low-grade stuff should be piped through sha256. I see that in CURRENT the order is reversed, but it's still repeating the same problem of saturating the buffers. Now most of of the low-grade entropy is going to be lost include the date, which in almost all cases would have eliminated any problem with a reused entropy file.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120903013120.262a34fc>