Date: Tue, 11 Sep 2012 14:34:50 -0700 From: Xin Li <delphij@delphij.net> To: RW <rwmaillists@googlemail.com> Cc: Arthur Mesh <arthurmesh@gmail.com>, Doug Barton <dougb@FreeBSD.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, d@delphij.net Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <504FAE7A.6070907@delphij.net> In-Reply-To: <20120911222730.7f92325e@gumby.homeunix.com> References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <504FA511.8050904@delphij.net> <20120911222730.7f92325e@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/11/12 14:27, RW wrote: > On Tue, 11 Sep 2012 13:54:41 -0700 Xin Li wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> >> On 09/11/12 12:53, RW wrote: >>> On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote: >>> >>>> Doug Barton <dougb@FreeBSD.org> writes: >>>>> 1. Pseudo-randomize the order in which we utilize the files >>>>> in /var/db/entropy >>>> >>>> There's no need for randomization if we make sure that *all* >>>> the data written to /dev/random is used, rather than just the >>>> first 4096 bytes; or that we reduce the amount of data to >>>> 4096 bytes before we write it so none of it is discarded. My >>>> gut feeling is that compression is better than hashing for >>>> that purpose, >>> >>> It's analogous to a passphrase, have you ever heard of a >>> passphrase being compressed rather than hashed? >> >> Passphrase hashing is a completely different topic, as what we >> wanted is a one-way function that can not be easily reversed, >> even when part of the passphrase is known. > > I was refering to the conversion of a passphrase to key material Did you mean the process like, deriving a master AES-128 key from an arbitrary passphrase? Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJQT656AAoJEG80Jeu8UPuz88kH/2dOUicwPw2yQBF5lFzljkS4 wiQbDaDKdvSFgCyPF3RJB8y91WRiDRLjuhMl84zflyVlXKUnZrf8yD649h8I/jCO 7FcZTorgSdN6BA/6lpEg6bQxhMlROInVcOIiN5uSy2FUcme34qvQXkv8P+toKXZi vsTahuvHtZdL9rYw44vZcpCyNiPx6NiBAOwPMPHmQHRuxbMlEjKwHz2rJQmnkml+ iXo7UFuF43X5Sw0HWFQzJepwNhUaD1IEWMSg8GIoO3euv2kYtn7CSHd76W39tiCk qaOBOtX0MN8JNlm/ph8bXaCA8iez63mTwj3ALRE/JkaHa0AF2U9RVJIV1Y8mR/E= =FVY0 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?504FAE7A.6070907>