From owner-freebsd-security@FreeBSD.ORG Fri Sep 14 19:15:28 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1628E1065674 for ; Fri, 14 Sep 2012 19:15:28 +0000 (UTC) (envelope-from markm@FreeBSD.org) Received: from gromit.grondar.org (grandfather.grondar.org [93.89.92.32]) by mx1.freebsd.org (Postfix) with ESMTP id C15E48FC1B for ; Fri, 14 Sep 2012 19:15:27 +0000 (UTC) Received: from uucp by gromit.grondar.org with local-rmail (Exim 4.77 (FreeBSD)) (envelope-from ) id 1TCbHE-0004tf-8C for freebsd-security@freebsd.org; Fri, 14 Sep 2012 20:10:08 +0100 Received: from localhost ([127.0.0.1] helo=groundzero.grondar.org) by groundzero.grondar.org with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1TCbDG-0002Hz-9D; Fri, 14 Sep 2012 20:06:02 +0100 To: Ben Laurie In-reply-to: References: <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org> From: Mark Murray From: Mark Murray Date: Fri, 14 Sep 2012 20:06:02 +0100 Message-Id: Cc: Arthur Mesh , Ian Lepore , Doug Barton , freebsd-security@freebsd.org, RW , "Bjoern A. Zeeb" Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Sep 2012 19:15:28 -0000 Ben Laurie writes: > > I'll send patches (untested) in a couple of hours for discussion. > > I used to like this idea, but it can break pretty badly if you repeat > input, so in the end I decided hashes were the only safe way. What??! Have you seen how Yarrow does its harvesting?? Presupposing there is no other source of randomness to get swamped out of the way, $ cat /dev/zero > /dev/random # pretend that /dev/zero is finite length. ... is harmless, and actually adds a small bit of perturbation to the entropy. Please explain how repeating input can "break" things here? M -- Mark R V Murray Pi: 132511160