Date:      Tue, 24 Oct 2000 08:29:20 -0700
From:      Kris Kennaway <kris@citusc.usc.edu>
To:        Warner Losh <imp@village.org>
Cc:        Jesper Skriver <jesper@skriver.dk>, Mark Murray <mark@grondar.za>, "John W. De Boskey" <jwd@FreeBSD.org>, "Jordan K. Hubbard" <jkh@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc rc
Message-ID:  <20001024082920.C58506@citusc17.usc.edu>
In-Reply-To: <200010241256.GAA15067@harmony.village.org>; from imp@village.org on Tue, Oct 24, 2000 at 06:56:25AM -0600
References:  <20001024124057.A4309@skriver.dk> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <20001023081548.A41843@bsdwins.com> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <200010232321.RAA11268@harmony.village.org> <20001024124057.A4309@skriver.dk> <200010241256.GAA15067@harmony.village.org>

On Tue, Oct 24, 2000 at 06:56:25AM -0600, Warner Losh wrote:

> This is bad because it exposes the state, the current state, of the
> yarrow random engine to the world.  It is too insecure, imho, to do on
> a regular basis.  I had this same idea at bsdcon and this was pointed
> out.

This isn't the state we're writing out here, but the next output of
the Yarrow engine, so it doesn't tell you any more than does reading
from Yarrow for the same amount of data.

In fact the Yarrow paper suggests that a seed be written out
periodically to persistent store. ISTR Mark told me of his plans to do
the crontab thing at bsdcon.

Of course, it still doesn't cover the really important case, namely an
out of box install or what happens if the entropy file gets deleted.

I forget who it was who suggested we might be able to do this at
sysinstall time prior to the reboot (well, if device RANDOM was back
in the kernel config where it needs to be :-)

Kris
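
The periodic seed save discussed in this message, together with the missing-file case it raises, as an added shell example (not FreeBSD's rc code and not from the thread). The function names, the 4096-byte seed size and the optional source/sink arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; names, paths and sizes are assumptions, not FreeBSD's rc.

SEED_BYTES=4096   # assumed seed size

# save_seed FILE [SOURCE]
# Store the generator's next *output* (not its internal state) in FILE.
# Anyone reading SOURCE directly would learn just as much, but the file is
# kept owner-only because it will be fed back in at the next boot.
# Written to a temp file and renamed so a crash never leaves a short seed.
save_seed() {
    file=$1 src=${2:-/dev/random}
    tmp="$file.tmp.$$"
    rm -f "$tmp"
    ( umask 077; head -c "$SEED_BYTES" "$src" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    # Refuse to install a truncated seed.
    [ $(( $(wc -c < "$tmp") )) -eq "$SEED_BYTES" ] || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$file"
}

# load_seed FILE [SINK] [SOURCE]
# Boot-time half: mix the saved seed into the generator, then replace the
# file straight away so the same seed is not reused if the machine crashes
# before the next periodic save.
# Returns 1 when no usable file exists (fresh install, or the file was
# deleted); the caller then has to obtain entropy some other way.
load_seed() {
    file=$1 sink=${2:-/dev/random} src=${3:-/dev/random}
    [ -f "$file" ] && [ -s "$file" ] || return 1
    cat "$file" > "$sink" || return 1
    save_seed "$file" "$src"
}
```

A cron entry would call `save_seed` periodically and the boot script would call `load_seed` once, treating a non-zero return as the unseeded case described above.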

