From: Ben Laurie
To: Mark Murray
Cc: Arthur Mesh, Ian Lepore, Doug Barton, freebsd-security@freebsd.org, RW, "Bjoern A. Zeeb"
Date: Sat, 15 Sep 2012 11:51:55 +0100
Subject: Re: svn commit: r239569 - head/etc/rc.d
List-Id: Security issues [members-only posting]

On Sat, Sep 15, 2012 at 11:36 AM, Mark Murray wrote:
> Ben Laurie writes:
>> My point here is that you don't have full control of the inputs
>> to /dev/random, so assuming that they take some particular form
>> seems like a mistake to me - the aim, I would hope, would be to
>> extract available entropy from whatever inputs you get, regardless of
>> quality. So, the argument against xor is that it is possible for a
>> careless/naive person to shoot themselves in the foot, and it would
>> be nice to avoid that - it seems unkind to assume that everyone who
>> wants to help the PRNG is going to be knowledgeable about its inner
>> workings.
>
> This conversation is being reset back 12+ years. *SIGH*. I get the
> distinct impression that I'm starting again from scratch here, and I'm
> not sure that I have either the energy or inclination to do that.
>
> Are you aware of Yarrow's approach to poor entropy while harvesting?

Yes. I am _only_ talking about fixes for the current practice of
discarding input - once Yarrow gets to eat input, then it's all fine,
but as you say, you don't want to run Yarrow over all input because it
is too expensive. So, you plan to xor input with itself, instead of
discarding if it fills the buffer. My point is that unfortunate choice
of input can result in the input cancelling itself out. This is not
part of Yarrow - Yarrow specifies that you hash all inputs, not xor or
discard them :-)
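The cancellation Ben describes can be shown with a small simulation. The code below is an added illustration, not code from this thread or from FreeBSD's random(4): it models a full harvest buffer as a 32-byte pool (an assumed size), "xor input with itself" as XOR-folding each new sample into the pool with wraparound (my reading of the proposal), and the Yarrow-style alternative as hashing pool || sample with SHA-256 (a stand-in for whatever hash the real implementation uses). The sample bytes are constructed.

```python
import hashlib

POOL_SIZE = 32  # assumed size of the (full) harvest buffer being mixed into

# Constructed starting pool and a constructed non-zero input sample.
POOL0 = hashlib.sha256(b"constructed initial pool contents").digest()
SAMPLE = bytes(range(POOL_SIZE))


def xor_fold(pool: bytes, sample: bytes) -> bytes:
    """Mix `sample` into a full pool by XORing it in byte by byte, wrapping
    around when the sample is longer than the pool. This models the
    'xor input with itself instead of discarding it' scheme from the thread."""
    out = bytearray(pool)
    for i, b in enumerate(sample):
        out[i % len(out)] ^= b
    return bytes(out)


def hash_mix(pool: bytes, sample: bytes) -> bytes:
    """Mix `sample` into the pool by hashing pool || sample. This models the
    'hash all inputs' rule Yarrow specifies; SHA-256 is an assumed choice."""
    return hashlib.sha256(pool + sample).digest()


def run(mixer, pool: bytes, samples) -> bytes:
    """Feed every sample through `mixer` in order and return the final pool."""
    for s in samples:
        pool = mixer(pool, s)
    return pool


def xor_cancels(pool: bytes, samples) -> bool:
    """True when XOR-folding `samples` leaves the pool exactly as it was,
    i.e. the samples contributed nothing to the pool."""
    return run(xor_fold, pool, samples) == pool


if __name__ == "__main__":
    # The same sample arriving twice cancels itself out under XOR folding ...
    print("xor, sample twice, pool unchanged:", xor_cancels(POOL0, [SAMPLE, SAMPLE]))
    # ... as does a single sample whose two halves are identical, since the
    # second half folds onto the first when it wraps around the pool.
    print("xor, self-repeating sample, pool unchanged:", xor_cancels(POOL0, [SAMPLE + SAMPLE]))
    # Hashing never lets a later input undo an earlier one.
    print("hash, sample twice, pool unchanged:",
          run(hash_mix, POOL0, [SAMPLE, SAMPLE]) == POOL0)
```

Running the script prints True, True, False: under XOR folding, a repeated or self-repeating input leaves the pool bit-for-bit where it started, while under hashing every input changes the state and feeding a sample once and twice yield different pools.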