Date: Fri, 7 Sep 2012 14:27:42 +0100
From: RW
To: Arthur Mesh
Cc: freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Doug Barton
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120907142742.5436e72a@gumby.homeunix.com>
In-Reply-To: <20120906224703.GD89120@x96.org>

On Thu, 6 Sep 2012 15:47:03 -0700
Arthur Mesh wrote:

> > Once something changes you get a completely
> > different sequence of yarrow cipher-keys; a counter or writing out
> > a new entropy file will both do this, but OTOH so will any
> > difference in harvested entropy such as a sub-nanosecond difference in
> > timing.
>
> You're correct. Are you arguing that we shouldn't recycle /entropy
> after it's used?

No, I was pointing out that a counter does make a difference because it
*unconditionally* allows yarrow to continue working as a secure PRNG
across reboots with the same secure entropy file.

Replacing the entropy file is desirable if you are concerned that an
attacker might gain access to it and try to reconstruct the early state
of yarrow. I don't regard that as a particularly serious threat; anyone
that gains root or physical access will have better things to do.

I'm not averse to rewriting /entropy provided that you can guarantee
that the entropy has made it into the yarrow entropy pools and the
subsequent slow reseed has completed before the new file is written
out. Overwriting an entropy file that secures yarrow against remote
attacks with one that might not would be a retrograde step.
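
Added example, not part of the original message or of FreeBSD's code: a toy Python model of the counter argument above, for the worst case where the saved entropy file is reused unchanged and nothing else harvested differs between boots. The SHA-256 construction is a stand-in for yarrow, and the names (`bump_counter`, `initial_key`, `simulate_boots`) and the `boot_counter` file are hypothetical.

```python
import hashlib
import os
import tempfile

def read_counter(path):
    """Return the persisted boot counter, or 0 if none has been written yet."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except FileNotFoundError:
        return 0

def bump_counter(path):
    """Increment the counter durably (write, fsync, rename) before it is used."""
    value = read_counter(path) + 1
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(str(value))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # atomic: a crash leaves the old or the new value
    return value

def initial_key(entropy, counter=None):
    """Toy stand-in for seeding: hash the saved entropy, plus the counter if given."""
    h = hashlib.sha256(b"seed" + entropy)
    if counter is not None:
        h.update(counter.to_bytes(8, "big"))
    return h.digest()

def output(key, nblocks=2):
    """Toy generator (not yarrow): SHA-256 in counter mode under the given key."""
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range(nblocks))

def simulate_boots(n, use_counter):
    """Boot n times from one unchanged entropy file; return each boot's output."""
    with tempfile.TemporaryDirectory() as d:
        entropy = b"\x42" * 4096  # constructed sample, never rewritten
        cpath = os.path.join(d, "boot_counter")
        outs = []
        for _ in range(n):
            c = bump_counter(cpath) if use_counter else None
            outs.append(output(initial_key(entropy, c)))
        return outs

if __name__ == "__main__":
    print(len(set(simulate_boots(3, use_counter=False))))  # distinct streams without a counter
    print(len(set(simulate_boots(3, use_counter=True))))   # distinct streams with a counter
```
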