From owner-cvs-all  Tue Oct 24  8:28:18 2000
Delivered-To: cvs-all@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP
	id C4AD437B479; Tue, 24 Oct 2000 08:28:15 -0700 (PDT)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.9.3/8.9.3) id IAA58585;
	Tue, 24 Oct 2000 08:29:20 -0700 (PDT)
Date: Tue, 24 Oct 2000 08:29:20 -0700
From: Kris Kennaway <kris@citusc.usc.edu>
To: Warner Losh <imp@village.org>
Cc: Jesper Skriver <jesper@skriver.dk>,
	Mark Murray <mark@grondar.za>, "John W. De Boskey" <jwd@FreeBSD.org>,
	"Jordan K. Hubbard" <jkh@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc rc
Message-ID: <20001024082920.C58506@citusc17.usc.edu>
References: <20001024124057.A4309@skriver.dk> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <20001023081548.A41843@bsdwins.com> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <200010232321.RAA11268@harmony.village.org> <20001024124057.A4309@skriver.dk> <200010241256.GAA15067@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200010241256.GAA15067@harmony.village.org>; from imp@village.org on Tue, Oct 24, 2000 at 06:56:25AM -0600
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Oct 24, 2000 at 06:56:25AM -0600, Warner Losh wrote:

> This is bad because it exposes the state, the current state, of the
> yarrow random engine to the world.  It is too insecure, imho, to do on
> a regular basis.  I had this same idea at bsdcon and this was pointed
> out.

This isn't the state we're writing out here, but the next output of
the Yarrow engine, so it doesnt tell you any more than does reading
from Yarrow for the same amount of data.

In fact the Yarrow paper suggests that a seed be written out
periodically to persistent store. ISTR Mark told me of his plans to do
the crontab thing at bsdcon.

Of course, it still doesnt cover the really important case, namely an
out of box install or what happens if the entropy file gets deleted.

I forget who it was who suggested we might be able to do this at
sysinstall time prior to the reboot (well, if device RANDOM was back
in the kernel config where it needs to be :-)

Kris


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message