From owner-freebsd-security@FreeBSD.ORG Tue Sep 11 06:15:31 2012
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 664)
	id 5736C1065673; Tue, 11 Sep 2012 06:15:31 +0000 (UTC)
Date: Mon, 10 Sep 2012 23:15:30 -0700
From: David O'Brien
To: Doug Barton
Message-ID: <20120911061530.GA77399@dragon.NUXI.org>
References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org>
	<50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org>
	<50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com>
	<20120906174247.GB13179@dragon.NUXI.org>
	<20120906230157.5307a21f@gumby.homeunix.com>
	<20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <50493480.8060307@FreeBSD.org>
X-Operating-System: FreeBSD 10.0-CURRENT
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Arthur Mesh, Ian Lepore, freebsd-rc@freebsd.org,
	freebsd-security@freebsd.org, RW
Subject: Re: svn commit: r239569 - head/etc/rc.d
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: obrien@freebsd.org
List-Id: "Security issues [members-only posting]"
X-List-Received-Date: Tue, 11 Sep 2012 06:15:31 -0000

On Thu, Sep 06, 2012 at 04:40:48PM -0700, Doug Barton wrote:
> It is way past time that you either demonstrate that your claim has
> merit, or stop making it.

Doug,
At this point what are you asking for?

* To run better_than_nothing() before feed_dev_random() with ${entropy_file}?
  I addressed that in Message-ID: <20120906142816.GA13179@dragon.NUXI.org>,
  jhb in <201209050944.38042.jhb@freebsd.org>, and
  RW in <20120905021248.5a17ace9@gumby.homeunix.com>.

* To not run 'postrandom' to delete ${entropy_file}?
  I addressed that in Message-ID: <20120906142816.GA13179@dragon.NUXI.org>
  and <20120905203222.GA2920@dragon.NUXI.org>.
  Our own sys/dev/random/nehemiah.c follows this advice:
      ...
       * key, IV and the data are all read directly from the hardware RNG.
       * All of these are used precisely once.
       */
  As does OpenBSD.

* To run 'ps' twice in better_than_nothing()?
  I've addressed that in <20120906164514.GA14757@dragon.NUXI.org> &
  <20120906224519.GB18953@dragon.NUXI.org>, and Ian Lepore in
  <1346962976.59094.187.camel@revolution.hippie.lan>.

--
-- David  (obrien@FreeBSD.org)