Date: Tue, 24 Oct 2000 16:24:45 +0200
From: Eivind Eklund
To: Warner Losh
Cc: Mark Murray, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc rc
Message-ID: <20001024162445.A58246@warning.follo.net>
In-Reply-To: <200010241256.GAA15067@harmony.village.org>; from imp@village.org on Tue, Oct 24, 2000 at 06:56:25AM -0600

On Tue, Oct 24, 2000 at 06:56:25AM -0600, Warner Losh wrote:
> In message <20001024124057.A4309@skriver.dk> Jesper Skriver writes:
> : On Mon, Oct 23, 2000 at 05:21:49PM -0600, Warner Losh wrote:
> : I have an idea, what about updating /entropy from cron every hour or so,
> : then if the box goes down hard for some reason, we'll have an entropy
> : file anyway ...
>
> This is bad because it exposes the state, the current state, of the
> yarrow random engine to the world. It is too insecure, imho, to do on
> a regular basis. I had this same idea at bsdcon and this was pointed
> out.

Can't we just crypt the data with a strong cipher (or, preferably, two
or three strong ciphers) and a key acquired by using random data from
Yarrow before writing it out?
That would not expose state, assuming we trust the cipher combination we
use, and Yarrow is capable of generating random numbers. It would have a
very slight information leak - an attacker would be able to confirm a
guess at the Yarrow state - but I don't think that would be a problem
(but I'd welcome the opinions of others that know more details of our
implementation.)

I'd not like to write it to swap without encryption; I do not want
access to swap to help in recovering previous Yarrow state.

Eivind.
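Added example, not from the mail or from FreeBSD: a toy Python model of the scheme Eivind sketches (encrypt the saved pool state under a key drawn from the generator's own output) and of the small leak he names. The generator, key derivation and cipher are hash-based stand-ins rather than Yarrow or a real block cipher, and how the key would be kept for the next boot, which the mail does not specify, is not modelled.

```python
# Added example (not from the mail): toy model of "encrypt /entropy with a
# key acquired from Yarrow".  SHA-256/HMAC stand in for Yarrow and for a
# strong cipher so the block runs offline with the standard library only.
import hashlib
import hmac
import os

NONCE_BYTES = 16


def generator_output(state: bytes, nbytes: int) -> bytes:
    """Toy generator: a deterministic keystream derived from the pool state."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(state + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]


def derive_key(state: bytes) -> bytes:
    """The file key is 'random data from Yarrow', i.e. a function of the state."""
    return hmac.new(b"entropy-file-key", generator_output(state, 32), hashlib.sha256).digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (XOR with an HMAC keystream); same call decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def write_entropy_file(state: bytes) -> tuple:
    """What the hourly job would write: (file blob, key).  Key storage not modelled."""
    nonce = os.urandom(NONCE_BYTES)
    key = derive_key(state)
    return nonce + xor_stream(key, nonce, state), key


def read_entropy_file(blob: bytes, key: bytes) -> bytes:
    """Legitimate reader at boot: recover the saved state with the key."""
    return xor_stream(key, blob[:NONCE_BYTES], blob[NONCE_BYTES:])


def file_confirms_state_guess(blob: bytes, candidate_state: bytes) -> bool:
    """The leak Eivind describes: since the key is a function of the state, the
    file alone lets anyone check whether a candidate state is the real one."""
    return read_entropy_file(blob, derive_key(candidate_state)) == candidate_state
```

The check is a yes/no oracle only; with a full-sized, unpredictable state it confirms nothing an attacker could not already guess, which is the sense in which the mail calls the leak "very slight".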