Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 6 Sep 2012 23:01:57 +0100
From:      RW <rwmaillists@googlemail.com>
To:        obrien@freebsd.org
Cc:        Mesh <arthurmesh@gmail.com>, Doug Barton <dougb@freebsd.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Arthur
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <20120906230157.5307a21f@gumby.homeunix.com>
In-Reply-To: <20120906174247.GB13179@dragon.NUXI.org>
References:  <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903171538.GM1464@x96.org> <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 6 Sep 2012 10:42:47 -0700
David O'Brien wrote:

> On Wed, Sep 05, 2012 at 08:07:54AM +1000, Peter Jeremy wrote:
> > >What if, instead of replacing /entropy, we add an additional file
> > >in /var/db/entropy at boot time that is numerically 1 higher than
> > >$entropy_save_num ?



> > That sounds like a reasonable idea.
> 
> I don't see what that adds or fixes.  It does not correct the
> possible reuse of seed material.  

Reusing a secure entropy file is only a problem if the complete history
of yarrow, from boot until some significant output, is exactly the same
as on a previous boot. Once something changes you get a completely
different sequence of yarrow cipher-keys; a counter or writing out
a new entropy file will both do this, but OTOH so will any difference in
harvested entropy such a sub-nanosecond difference in timing.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120906230157.5307a21f>