Date: Wed, 12 Sep 2012 12:34:32 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120912123432.79310a3c@gumby.homeunix.com>
In-Reply-To: <504FC2BD.6070402@delphij.net>
References: <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911224855.GE14077@x96.org> <504FC2BD.6070402@delphij.net>

On Tue, 11 Sep 2012 16:01:17 -0700
Xin Li wrote:

> Well, 1:1 correspondence is when we fed full text to /dev/random,
> which we don't, right?  Only the first 4K gets consumed.  So:
>
> Situation 1: we have 45K of plain text, and only first 4k is fed to
> /dev/random at about 5 bits of entropy per byte;
>
> Situation 2: we have 45K of plain text, compress to e.g. 25K and only
> first 4k is fed to /dev/random at more than 7.6 bits of entropy per
> byte;
>
> Therefore I think Situation 2 is better than situation 1.

It's marginally better, but still a very poor solution. You still lose
most of the entropy, and you still end up with a substantial risk of
there being no buffers available for /entropy.

Situation 3: use a hash; all the entropy (up to an overkill amount)
ends up in yarrow, most of the buffer space is left for /entropy.

Compression solves neither of the two problems - hashing solves both.
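An added illustration of the three situations compared in the message above; it is not code from the thread or from FreeBSD. The 4096-byte cut-off is the figure quoted in the thread, while SHA-256, zlib and the constructed 45K sample text are assumptions made for the example.

```python
import hashlib
import random
import zlib

FEED_LIMIT = 4096  # "only the first 4K gets consumed", per the thread

def sample_text(size=45 * 1024, seed=1):
    """Constructed stand-in for ~45K of command output (not real system data)."""
    rng = random.Random(seed)
    lines, total = [], 0
    while total < size:
        line = "pid %d rss %d cpu %d.%02d\n" % (
            rng.randrange(100000), rng.randrange(10**6),
            rng.randrange(100), rng.randrange(100))
        lines.append(line)
        total += len(line)
    return "".join(lines).encode()[:size]

def feed_plain(data):
    """Situation 1: truncate the raw text at the limit."""
    return data[:FEED_LIMIT]

def feed_compressed(data):
    """Situation 2: compress first, then truncate at the limit."""
    return zlib.compress(data, 9)[:FEED_LIMIT]

def feed_hashed(data):
    """Situation 3: hash the whole input (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).digest()

def covered_by_compressed_prefix(data):
    """Input bytes recoverable from the truncated compressed prefix alone."""
    return len(zlib.decompressobj().decompress(feed_compressed(data)))

def tail_change_visible(feed, data):
    """True if altering the final input byte changes what would be fed."""
    altered = data[:-1] + bytes([data[-1] ^ 0xFF])
    return feed(data) != feed(altered)

if __name__ == "__main__":
    data = sample_text()
    print("input bytes:", len(data))
    for name, feed in (("plain", feed_plain), ("compressed", feed_compressed),
                       ("hashed", feed_hashed)):
        print("%-10s fed=%4d bytes, tail change visible=%s"
              % (name, len(feed(data)), tail_change_visible(feed, data)))
    print("input covered by compressed prefix:",
          covered_by_compressed_prefix(data))
```

The hashed feed is 32 bytes and reflects every input byte, whereas both truncating variants fill the whole 4K and still leave part of the input unrepresented.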