From owner-freebsd-security@FreeBSD.ORG Fri Jul 18 21:57:40 2014
Date: Fri, 18 Jul 2014 22:57:39 +0100
From: Ben Laurie
To: Steven Chamberlain
Cc: "freebsd-security@freebsd.org security"
Subject: Re: Speed and security of /dev/urandom
In-Reply-To: <53C85F42.1000704@pyro.eu.org>
References: <53C85F42.1000704@pyro.eu.org>
On 18 July 2014 00:41, Steven Chamberlain wrote:
> So I wonder, could a simplified arc4random for FreeBSD use Yarrow
> directly, to avoid making any of these sorts of mistakes we've seen?

Discovering that it's OK to use this mechanism seems as vulnerable to mistakes as the mistakes we've seen.

I don't have good suggestions on how to fix this.