Date: Mon, 24 Sep 2012 18:47:07 +0100 From: Ben Laurie <benl@freebsd.org> To: =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org, Doug Barton <dougb@freebsd.org> Subject: Re: rc.d/postrandom Message-ID: <CAG5KPzzsHxErOho3BkqFL2M_OtimFfQB_OKG-9myQ2gm3-xgQA@mail.gmail.com> In-Reply-To: <86haqnsrx2.fsf@ds4.des.no> References: <505FDA03.5020207@FreeBSD.org> <86haqnsrx2.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 24, 2012 at 10:15 AM, Dag-Erling Sm=F8rgrav <des@des.no> wrote: > Doug Barton <dougb@FreeBSD.org> writes: >> If you disagree with what this script is doing, please speak up. > > Do you mean initrandom? I dislike it only slightly less now than I did > before. I hope Pawel's patch works out so we can nuke it.\ He means postrandom. Which deletes all saved entropy because of fear of replay attacks. IMO, this doesn't make much sense - if you don't have sufficient fresh entropy to mix into the pool, then deleting your saved entropy makes you more vulnerable, not less. And if you do, you're not vulnerable anyway. So, I'm with Dough on this one.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG5KPzzsHxErOho3BkqFL2M_OtimFfQB_OKG-9myQ2gm3-xgQA>