From owner-freebsd-security@FreeBSD.ORG  Fri Sep 19 05:43:24 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id D8AC616A4B3; Fri, 19 Sep 2003 05:43:24 -0700 (PDT)
Received: from amsfep15-int.chello.nl (amsfep15-int.chello.nl [213.46.243.28])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1514A43F3F; Fri, 19 Sep 2003 05:43:23 -0700 (PDT)
	(envelope-from dodell@sitetronics.com)
Received: from sitetronics.com ([213.46.142.207]) by amsfep15-int.chello.nl
          (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
          id <20030919124321.SDPN6169.amsfep15-int.chello.nl@sitetronics.com>;
          Fri, 19 Sep 2003 14:43:21 +0200
Message-ID: <3F6AF99A.2050607@sitetronics.com>
Date: Fri, 19 Sep 2003 14:42:02 +0200
From: "Devon H. O'Dell" <dodell@sitetronics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030820
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Mark Murray <markm@freebsd.org>
References: <200309190807.h8J875fq006577@grimreaper.grondar.org>
In-Reply-To: <200309190807.h8J875fq006577@grimreaper.grondar.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-security@freebsd.org
Subject: Re: [Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Sep 2003 12:43:25 -0000

Mark Murray wrote:

>"David G. Andersen" writes:
>  
>
>>   You're mistaken.  /dev/random stops feeding you random bits
>>when it doesn't have enough.  /dev/urandom depletes the entropy
>>pool, but when it starts to run out, it falls back to hashing
>>to generate pseudo-random sequences from the random bits that
>>it can obtain.
>>    
>>
>
>Mostly correct :-).
>
>/dev/urandom (in FreeBSD-4-*) always hashes the pool. It doesn't care
>whether or not entropy has been harvested first, unlike /dev/random
>which requires a positive entropy count before suppying output.
>(This provides a doozy of a DoS, BTW, where "cat /dev/urandom > /dev/null"
>renders /dev/random useless).
>
>M
>--
>Mark Murray
>iumop ap!sdn w,I idlaH
>  
>
Well, I'm glad to have gotten these several comments; I wasn't quite 
sure how it worked. Nice to see that the Yarrow is being used in 5.x :)

--Devon