Date: Wed, 25 Dec 2013 18:46:11 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: [PATCH RFC] Disable save-entropy in jails Message-ID: <20131225184611.5acbd23e@gumby.homeunix.com> In-Reply-To: <52BA2125.8050404@delphij.net> References: <52B9F232.1090002@delphij.net> <278988C7-1749-413D-A5E2-ABE6753B3766@proper.com> <52BA1065.6000403@delphij.net> <A84590F3-3B6D-4D6F-AF4C-F261C82B88AF@proper.com> <52BA2125.8050404@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 24 Dec 2013 16:04:53 -0800 Xin Li wrote: > When reading from /dev/random, one essentially consumes entropy that > is fed into the random device, and eventually it would cause a reseed. Reads don't trigger reseeds in Yarrow. And both Yarrow and Fortuna are designed so this isn't a problem. In any case reads that aren't under the control of an unprivileged attacker make it harder to perform a state-extension attack, not easier. This kind of thing shouldn't be an issue for any non-blocking random device that isn't quite badly broken. If it were, it would be better to fix the device.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131225184611.5acbd23e>