Date: Mon, 25 Jul 2005 15:37:02 -0700 From: Nate Lawson <nate@root.org> To: "Matthew D. Fuller" <fullermd@over-yonder.net> Cc: Poul-Henning Kamp <phk@haven.freebsd.dk>, src-committers@FreeBSD.org, "Andrey A. Chernov" <ache@FreeBSD.org>, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org, Colin Percival <cperciva@FreeBSD.org>, Pawel Jakub Dawidek <pjd@FreeBSD.org> Subject: Re: cvs commit: src/games/fortune/fortune fortune.c Message-ID: <42E5698E.80501@root.org> In-Reply-To: <20050725202519.GG32805@over-yonder.net> References: <20050724135738.GM46538@darkness.comp.waw.pl> <64009.1122213962@phk.freebsd.dk> <20050725202519.GG32805@over-yonder.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew D. Fuller wrote:
> On Sun, Jul 24, 2005 at 04:06:02PM +0200 I heard the voice of
> Poul-Henning Kamp, and lo! it spake thus:
>
>>Anyway, back in this universe: We should not stick a lot of stuff
>>into our boot-time scripts, they are slow enough already.
>
>
> If it doesn't consume to much in its testing, it seems a logical
> candidate for one of the nightly or weekly runs.
Unfortunately, it won't actually buy us anything on the security front.
The entropy stored in / used to seed the PRNG has already been run
through SHA-1. And the output of the PRNG is obviously already run
through SHA-1 also. So any automatic test will not be able to
distinguish the quality of the entropy from that of a simple counter.
--
Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42E5698E.80501>