Date:      Fri, 14 Sep 2012 17:25:59 +0100
From:      Ben Laurie <benl@freebsd.org>
To:        RW <rwmaillists@googlemail.com>
Cc:        Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, Doug Barton <dougb@freebsd.org>, freebsd-security@freebsd.org, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <CAG5KPzyHkR_n8O38gqx8mLFykhur4BORWmG17BVpx9Hruktfig@mail.gmail.com>
In-Reply-To: <20120914154617.39025ac0@gumby.homeunix.com>
References:  <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org> <alpine.BSF.2.00.1209131258210.13080@ai.fobar.qr> <alpine.BSF.2.00.1209141336170.13080@ai.fobar.qr> <CAG5KPzyngKFNMoPKmfKg%2BQLkGPj0oMX8YYp0qQNHgKTSH4afHQ@mail.gmail.com> <20120914154617.39025ac0@gumby.homeunix.com>

On Fri, Sep 14, 2012 at 3:46 PM, RW <rwmaillists@googlemail.com> wrote:
> On Fri, 14 Sep 2012 14:43:53 +0100
> Ben Laurie wrote:
>
>> On Fri, Sep 14, 2012 at 2:38 PM, Bjoern A. Zeeb <bz@freebsd.org>
>> wrote:
>> > 7) send all data to the kernel and hash (arch dependent?) it +
>> > counter value into the buffer on overflow, as in b[n] = H(b[n] + c
>> > + i[n]) in the kernel
>> >    (can control when buffer full and only then take action when
>> >    needed, independent of how seed data is chosen, uses standard
>> >    technology)
>>
>> IMO, this is the only good option.
>
> No it isn't. It means that the hashing is unconditional, so anyone that
> needs a faster boot needs to patch the kernel.

Has anyone measured the cost of doing this? Also, if you really want
to turn it off, we could provide a flag.

>  It has no advantage
> whatsoever over a minor change to initrandom.

It absolutely has. It applies to all inputs to /dev/random, not just
those that come from initrandom. Also, should something get to write
to it before initrandom, initrandom's input would still be used.
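A toy model of the option 7 scheme quoted above, written as an added illustration (it is not code from this thread or from FreeBSD); H, the pool size and the counter width are assumptions the mail leaves open. It shows the point about ordering: because every write is folded into the pool, a writer that arrives before initrandom cannot keep initrandom's own input from changing the pool state.

```python
import hashlib
# Toy model of option 7 from the quoted mail (added illustration, not FreeBSD
# code). Inputs fill a fixed pool b[0..N-1]; once the slot to use is already
# occupied (the buffer has overflowed) the new input is folded in as
# b[n] = H(b[n] + c + i[n]), c being a counter incremented on every write.
# Assumptions the mail leaves open: H = SHA-256, N = 4, 8-byte counter.
POOL_SLOTS = 4

class Pool:
    def __init__(self) -> None:
        self.slots = [None] * POOL_SLOTS  # None = never written
        self.counter = 0
        self.next_slot = 0

    def write(self, data: bytes) -> None:
        n = self.next_slot
        self.counter += 1
        if self.slots[n] is None:
            self.slots[n] = data  # first pass: store the raw input
        else:
            h = hashlib.sha256()  # overflow: b[n] = H(b[n] || c || i[n])
            h.update(self.slots[n])
            h.update(self.counter.to_bytes(8, "little"))
            h.update(data)
            self.slots[n] = h.digest()
        self.next_slot = (n + 1) % POOL_SLOTS


def state_after(inputs: list) -> str:
    """Length-prefixed digest of the pool after the given write history."""
    p = Pool()
    for i in inputs:
        p.write(i)
    h = hashlib.sha256()
    for s in p.slots:
        s = s or b""
        h.update(len(s).to_bytes(4, "little") + s)
    return h.hexdigest()


def every_input_matters(inputs: list) -> bool:
    """True if flipping a bit of any one input changes the final state."""
    base = state_after(inputs)
    for k, item in enumerate(inputs):
        altered = list(inputs)
        altered[k] = bytes([item[0] ^ 1]) + item[1:]
        if state_after(altered) == base:
            return False
    return True
```

With more inputs than slots, the later writes are hashed over the earlier ones rather than dropped, so `every_input_matters` stays true past the overflow point as well.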