Date: Thu, 6 Sep 2012 23:01:57 +0100 From: RW <rwmaillists@googlemail.com> To: obrien@freebsd.org Cc: Mesh <arthurmesh@gmail.com>, Doug Barton <dougb@freebsd.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Arthur Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <20120906230157.5307a21f@gumby.homeunix.com> In-Reply-To: <20120906174247.GB13179@dragon.NUXI.org> References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903171538.GM1464@x96.org> <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 6 Sep 2012 10:42:47 -0700 David O'Brien wrote: > On Wed, Sep 05, 2012 at 08:07:54AM +1000, Peter Jeremy wrote: > > >What if, instead of replacing /entropy, we add an additional file > > >in /var/db/entropy at boot time that is numerically 1 higher than > > >$entropy_save_num ? > > That sounds like a reasonable idea. > > I don't see what that adds or fixes. It does not correct the > possible reuse of seed material. Reusing a secure entropy file is only a problem if the complete history of yarrow, from boot until some significant output, is exactly the same as on a previous boot. Once something changes you get a completely different sequence of yarrow cipher-keys; a counter or writing out a new entropy file will both do this, but OTOH so will any difference in harvested entropy such a sub-nanosecond difference in timing.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120906230157.5307a21f>