Date: Wed, 19 Sep 2012 18:47:58 +0100
From: RW
To: freebsd-security@freebsd.org
Subject: Re: Collecting entropy from device_attach() times.
Message-ID: <20120919184758.28589516@gumby.homeunix.com>
In-Reply-To: <867grqm3pt.fsf@ds4.des.no>
References: <20120918211422.GA1400@garage.freebsd.pl> <867grqm3pt.fsf@ds4.des.no>

On Wed, 19 Sep 2012 17:28:46 +0200
Dag-Erling Smørgrav wrote:

> I would also suggest modifying yarrow to block reseeding as long as
> possible, ideally right up until the first time something asks for a
> random number, since reseeding throws away all accumulated entropy.

Reseeding doesn't throw away entropy, it just resets the counters. After
initrandom forces a slow reseed, all of the accumulated entropy (up to 256
bits) is in the generator.
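
A simplified model of the reseed behaviour described in the message above, added here as an illustration; it is not part of the original post and is not FreeBSD's Yarrow code. The class name, the single pool, the SHA-256 counter-mode output (standing in for a block cipher) and the `generator_bits` bookkeeping are all assumptions.

```python
import hashlib

KEY_BITS = 256  # generator key size, matching the "up to 256 bits" in the message


class ToyYarrow:
    """Single-pool toy model (hypothetical); real Yarrow has fast and slow pools."""

    def __init__(self):
        self.key = bytes(32)          # generator key, all-zero before the first reseed
        self.pool = hashlib.sha256()  # running hash of harvested samples
        self.pool_bits = 0            # entropy *estimate* counter for the pool
        self.generator_bits = 0       # bookkeeping only: entropy credited to the key
        self.counter = 0

    def harvest(self, sample: bytes, estimated_bits: int) -> None:
        self.pool.update(sample)
        self.pool_bits += estimated_bits

    def reseed(self) -> None:
        # The new key is derived from the pool digest AND the old key, so
        # entropy already in the generator is carried forward, not discarded.
        self.key = hashlib.sha256(self.pool.digest() + self.key).digest()
        self.generator_bits = min(KEY_BITS, self.generator_bits + self.pool_bits)
        # Only the pool state and its estimate counter are reset.
        self.pool = hashlib.sha256()
        self.pool_bits = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            block = self.key + self.counter.to_bytes(16, "big")
            out += hashlib.sha256(block).digest()
        return out[:n]


def demo():
    a, b = ToyYarrow(), ToyYarrow()
    # Constructed samples standing in for device_attach() timings.
    for t in (1031, 2977, 4410):
        for g in (a, b):
            g.harvest(t.to_bytes(8, "little"), 100)
    for g in (a, b):
        g.reseed()                    # forced early reseed
    b.harvest(b"late sample", 8)      # only b sees one more sample
    for g in (a, b):
        g.reseed()                    # second reseed; a's pool is empty here
    return a, b
```

In this model the second reseed of `a` happens with an empty pool, yet its key still depends on the three early samples, because they were folded into the key by the first reseed.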