From owner-freebsd-current Fri Oct 20 13:14:47 2000 Delivered-To: freebsd-current@freebsd.org Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by hub.freebsd.org (Postfix) with ESMTP id DE68637B479 for ; Fri, 20 Oct 2000 13:14:43 -0700 (PDT) Received: (from ache@localhost) by nagual.pp.ru (8.11.1/8.11.1) id e9KKECI26644; Sat, 21 Oct 2000 00:14:13 +0400 (MSD) (envelope-from ache) Date: Sat, 21 Oct 2000 00:14:09 +0400 From: =?koi8-r?B?4c7E0sXKIP7F0s7P1w==?= To: Mark Murray Cc: current@FreeBSD.ORG Subject: Re: entropy reseeding is totally broken Message-ID: <20001021001408.A26496@nagual.pp.ru> References: <20001020202753.A24895@nagual.pp.ru> <200010201706.e9KH6bn02155@grimreaper.grondar.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010201706.e9KH6bn02155@grimreaper.grondar.za>; from mark@grondar.za on Fri, Oct 20, 2000 at 10:06:37AM -0700 Organization: Biomechanoid Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Oct 20, 2000 at 10:06:37AM -0700, Mark Murray wrote: > > It seems I find the problem area. 4096 bytes written in rc.shutdown are > > not enough for reseeding. When I change them to 16384 bytes, it works! > > I'll commit working rc.shutdown variant. > > This is bogus. > > _Any_ randomness written to /dev/random is good enough to perturb the > sequence. > > Please do _not_ make that commit. Oops, sorry, already commited (I was not thinking it is principal, but it really fix potential security hole). I can back it out if you wish. But anything less then 16384 not reseed it. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message