Date: Thu, 6 Sep 2012 15:47:03 -0700 From: Arthur Mesh <arthurmesh@gmail.com> To: RW <rwmaillists@googlemail.com> Cc: freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Doug Barton <dougb@freebsd.org>, Peter Jeremy <peter@rulingia.com>, obrien@freebsd.org Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <20120906224703.GD89120@x96.org> In-Reply-To: <20120906230157.5307a21f@gumby.homeunix.com> References: <5043DBAF.40506@FreeBSD.org> <20120903171538.GM1464@x96.org> <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 06, 2012 at 11:01:57PM +0100, RW wrote: > Reusing a secure entropy file is only a problem if the complete history > of yarrow, from boot until some significant output, is exactly the same > as on a previous boot. Not sure I agree. It's not the only problem. It's the worst problem; in the situation you describe, you'll end up with identical output from /dev/random. > Once something changes you get a completely > different sequence of yarrow cipher-keys; a counter or writing out > a new entropy file will both do this, but OTOH so will any difference in > harvested entropy such a sub-nanosecond difference in timing. You're correct. Are you arguing that we shouldn't recycle /entropy after it's used? If so, why are you okay with making life easier for active attackers?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120906224703.GD89120>