From: Doug Barton <dougb@FreeBSD.org>
Organization: http://www.FreeBSD.org/
Date: Tue, 11 Sep 2012 22:05:30 -1000
To: Arthur Mesh
Cc: freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <5050424A.8080902@FreeBSD.org>
In-Reply-To: <20120911224855.GE14077@x96.org>
List-Id: "Security issues [members-only posting]" (freebsd-security@freebsd.org)

On 09/11/2012 12:48 PM, Arthur Mesh wrote:
> On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote:
>> Using gzip is better than not using it though, since 4k worth of
>> compressed data is better than 4k worth of plain text because of
>> higher entropy density (note that the FreeBSD gzip uses 64K of
>> input/output buffer for compression by the way so maybe only the first
>> 64K is meaningful if we take only 4k of output).
>
> Since there is 1:1 correspondence between compressed and uncompressed
> data, entropy should be the same in both. I am not sure it's better to
> use compression than not -- you do end up seeding fewer bytes to yarrow,
> but you spend more CPU cycles compressing it...

Arthur is right here on both counts. We considered both compression and
hashing 12 years ago and rejected them for these reasons.

Arthur is also correct that fixing the process of feeding the entropy into
the device (on either the input end, the receiving end, or both) is the
right answer.

David is also right about at least one thing, please actually read the
Yarrow paper before making suggestions. We're wasting a lot of time with
things that are irrelevant at best.

Doug
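The two points argued above (compression raises the entropy density of a 4k chunk, but cannot add entropy to the whole stream because it is a bijection) can be made concrete with a small script. This is an added illustration, not code from the thread or from FreeBSD's rc.d; the sample data is constructed here (a large predictable filler wrapped around a seeded block of pseudo-random bytes standing in for the genuinely unpredictable part), and the byte-histogram entropy estimate is a statistical measure only, which is exactly the caveat the thread is circling: it says nothing about what an attacker can predict.

```python
import gzip
import math
import random
from collections import Counter

# Constructed sample: a fully predictable filler (think boot-time snapshots of
# mostly static files) around a small block of PRNG bytes that plays the role
# of the only truly unpredictable input.
FILLER_LINE = b"the quick brown fox jumps over the lazy dog\n"
SECRET_BYTES = 2048


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, in bits per byte.

    This measures statistical spread, not unpredictability: the public
    filler scores well above zero even though an attacker knows every byte.
    """
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def make_sample(secret_bytes: int = SECRET_BYTES, seed: int = 1) -> bytes:
    """Build the constructed input: filler + secret block + filler."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    filler = FILLER_LINE * 1500  # ~66 KB of predictable text
    secret = bytes(rng.getrandbits(8) for _ in range(secret_bytes))
    return filler + secret + filler


def compare(sample: bytes, take: int = 4096) -> dict:
    """Compare handing the first `take` bytes to the RNG raw vs. gzipped."""
    compressed = gzip.compress(sample, compresslevel=9)
    # Lossless compression is a bijection on its input: the round trip is
    # exact, so the compressed stream carries precisely the information of
    # the original, no more and no less (Arthur's "entropy is the same").
    assert gzip.decompress(compressed) == sample
    return {
        "raw_len": len(sample),
        # 8 * gz_len upper-bounds the information in the *whole* input
        "gz_len": len(compressed),
        # density of the chunk a 4k read would actually feed to the RNG
        "raw_bits_per_byte": shannon_bits_per_byte(sample[:take]),
        "gz_bits_per_byte": shannon_bits_per_byte(compressed[:take]),
    }


if __name__ == "__main__":
    r = compare(make_sample())
    print(f"raw: {r['raw_len']} bytes, first 4k ~{r['raw_bits_per_byte']:.2f} bits/byte")
    print(f"gz : {r['gz_len']} bytes, first 4k ~{r['gz_bits_per_byte']:.2f} bits/byte")
    print(f"gzip bounds the input's total information by {8 * r['gz_len']} bits;")
    print(f"the constructed sample only ever held {8 * SECRET_BYTES} unpredictable bits")
```

Reading the output: the first 4k of raw text sits around 4.4 bits/byte while the first 4k of gzip output is close to 8, which is Xin Li's density point; but the compressed stream is only slightly larger than the 2048 secret bytes, because gzip cannot shrink the random block or conjure entropy from the predictable one. Whether the RNG sees 4k of text or 4k of deflate output, the unpredictable content available to seed it is the same, which is why the thread concludes that fixing how the data is fed in matters and compressing it does not.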