Date: Thu, 20 Sep 2012 23:01:33 +0100 From: RW <rwmaillists@googlemail.com> To: Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: Collecting entropy from device_attach() times. Message-ID: <20120920230133.55b63dea@gumby.homeunix.com> In-Reply-To: <86sjadt677.fsf@ds4.des.no> References: <20120918211422.GA1400@garage.freebsd.pl> <867grqm3pt.fsf@ds4.des.no> <20120919184758.28589516@gumby.homeunix.com> <86sjadt677.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 20 Sep 2012 11:05:32 +0200 Dag-Erling Sm=F8rgrav wrote: > RW <rwmaillists@googlemail.com> writes: > > Dag-Erling Sm=F8rgrav <des@des.no> writes: > > > I would also suggest modifying yarrow to block reseeding as long > > > as possible, ideally right up until the first time something asks > > > for a random number, since reseeding throws away all accumulated > > > entropy. > > reseeding doesn't throw away entropy >=20 > Yes, it does. Would you elaborate? I don't see what you mean by that? When yarrow reseeds, the previous generator key is hashed with the pool[s], into the new key. They key will therefore *accumulate* entropy across multiple reseeds.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120920230133.55b63dea>