Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Sep 2012 18:47:07 +0100
From:      Ben Laurie <benl@freebsd.org>
To:        =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@des.no>
Cc:        freebsd-security@freebsd.org, Doug Barton <dougb@freebsd.org>
Subject:   Re: rc.d/postrandom
Message-ID:  <CAG5KPzzsHxErOho3BkqFL2M_OtimFfQB_OKG-9myQ2gm3-xgQA@mail.gmail.com>
In-Reply-To: <86haqnsrx2.fsf@ds4.des.no>
References:  <505FDA03.5020207@FreeBSD.org> <86haqnsrx2.fsf@ds4.des.no>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 24, 2012 at 10:15 AM, Dag-Erling Sm=F8rgrav <des@des.no> wrote:
> Doug Barton <dougb@FreeBSD.org> writes:
>> If you disagree with what this script is doing, please speak up.
>
> Do you mean initrandom?  I dislike it only slightly less now than I did
> before.  I hope Pawel's patch works out so we can nuke it.\

He means postrandom. Which deletes all saved entropy because of fear
of replay attacks.

IMO, this doesn't make much sense - if you don't have sufficient fresh
entropy to mix into the pool, then deleting your saved entropy makes
you more vulnerable, not less. And if you do, you're not vulnerable
anyway.

So, I'm with Dough on this one.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG5KPzzsHxErOho3BkqFL2M_OtimFfQB_OKG-9myQ2gm3-xgQA>