Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 12 Sep 2012 12:34:32 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <20120912123432.79310a3c@gumby.homeunix.com>
In-Reply-To: <504FC2BD.6070402@delphij.net>
References:  <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911224855.GE14077@x96.org> <504FC2BD.6070402@delphij.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 11 Sep 2012 16:01:17 -0700
Xin Li wrote:


> Well, 1:1 correspondence is when we fed full text to /dev/random,
> which we don't, right?  Only the first 4K gets consumed.  So:
> 
> Situation 1: we have 45K of plain text, and only first 4k is fed to
> /dev/random at about 5 bits of entropy per byte;
> 
> Situation 2: we have 45K of plain text, compress to e.g. 25K and only
> first 4k is fed to /dev/random at more than 7.6 bits of entropy per
> byte;
> 
> Therefore I think Situation 2 is better than situation 1.

It's marginally better, but still a very poor solution. You still
lose most of the entropy, and you still end up with a substantial risk
of there being no buffers available for /entropy.

Situation 3: use a hash; all the entropy (up to an overkill amount) ends
up in yarrow, most of the buffer space is left for /entropy.


Compression solves neither of the two problem - hashing solves both.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120912123432.79310a3c>