Date:      Thu, 6 Sep 2012 15:47:03 -0700
From:      Arthur Mesh <arthurmesh@gmail.com>
To:        RW <rwmaillists@googlemail.com>
Cc:        freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Doug Barton <dougb@freebsd.org>, Peter Jeremy <peter@rulingia.com>, obrien@freebsd.org
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <20120906224703.GD89120@x96.org>
In-Reply-To: <20120906230157.5307a21f@gumby.homeunix.com>
References:  <5043DBAF.40506@FreeBSD.org> <20120903171538.GM1464@x96.org> <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com>

On Thu, Sep 06, 2012 at 11:01:57PM +0100, RW wrote:
> Reusing a secure entropy file is only a problem if the complete history
> of yarrow, from boot until some significant output, is exactly the same
> as on a previous boot.

Not sure I agree. It's not the only problem. It's the worst problem;
in the situation you describe, you'll end up with identical output from
/dev/random.

> Once something changes you get a completely
> different sequence of yarrow cipher-keys; a counter or writing out
> a new entropy file will both do this, but OTOH so will any difference in
> harvested entropy such as a sub-nanosecond difference in timing.

You're correct. Are you arguing that we shouldn't recycle /entropy after
it's used?  If so, why are you okay with making life easier for active
attackers?


