Date: Fri, 19 Sep 2003 14:42:02 +0200 From: "Devon H. O'Dell" <dodell@sitetronics.com> To: Mark Murray <markm@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: [Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh] Message-ID: <3F6AF99A.2050607@sitetronics.com> In-Reply-To: <200309190807.h8J875fq006577@grimreaper.grondar.org> References: <200309190807.h8J875fq006577@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Murray wrote: >"David G. Andersen" writes: > > >> You're mistaken. /dev/random stops feeding you random bits >>when it doesn't have enough. /dev/urandom depletes the entropy >>pool, but when it starts to run out, it falls back to hashing >>to generate pseudo-random sequences from the random bits that >>it can obtain. >> >> > >Mostly correct :-). > >/dev/urandom (in FreeBSD-4-*) always hashes the pool. It doesn't care >whether or not entropy has been harvested first, unlike /dev/random >which requires a positive entropy count before suppying output. >(This provides a doozy of a DoS, BTW, where "cat /dev/urandom > /dev/null" >renders /dev/random useless). > >M >-- >Mark Murray >iumop ap!sdn w,I idlaH > > Well, I'm glad to have gotten these several comments; I wasn't quite sure how it worked. Nice to see that the Yarrow is being used in 5.x :) --Devon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F6AF99A.2050607>