Date:      Sat, 15 Sep 2012 11:51:55 +0100
From:      Ben Laurie <benl@freebsd.org>
To:        Mark Murray <markm@freebsd.org>
Cc:        Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, Doug Barton <dougb@freebsd.org>, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <CAG5KPzym9ahG5B6-9JyzWJ-PRy43u1dAuk%2B6185mvxKOpJkr7g@mail.gmail.com>
In-Reply-To: <E1TCpk1-000N2H-Vq@groundzero.grondar.org>
References:  <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org> <alpine.BSF.2.00.1209131258210.13080@ai.fobar.qr> <alpine.BSF.2.00.1209141336170.13080@ai.fobar.qr> <E1TCXN0-000NFT-7I@groundzero.grondar.org> <CAG5KPzwOdCkybj3D5uic1KC-pwW-pewgsrqrXg60f5SJjtzYPw@mail.gmail.com> <E1TCbDG-0002Hz-9D@groundzero.grondar.org> <CAG5KPzzRxzVX-%2B9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com> <E1TCbSz-0007CJ-BI@groundzero.grondar.org> <CAG5KPzyJNmXRfxtPPrdc2zVCsxGtDfJT79YC3a1PNUfOOSzt8A@mail.gmail.com> <E1TCcIq-000Brr-Ex@groundzero.grondar.org> <CAG5KPzwEESg7iUb2%2B-kAN%2Bk55M95BZjh5VaSvxzSsSCVuZ9kMw@mail.gmail.com> <E1TCdlD-000C1N-4g@groundzero.grondar.org> <CAG5KPzzFO1H5Wcx34oXi09=aJqg5w%2BXWSd8fnn0Byvpy_8%2B-rA@mail.gmail.com> <E1TCpk1-000N2H-Vq@groundzero.grondar.org>

On Sat, Sep 15, 2012 at 11:36 AM, Mark Murray <markm@freebsd.org> wrote:
> Ben Laurie writes:
>> My point here is that you don't have full control of the inputs
>> to /dev/random, so assuming that they take some particular form
>> seems like a mistake to me - the aim, I would hope, would be to
>> extract available entropy from whatever inputs you get, regardless of
>> quality.  So, the argument against xor is that it is possible for a
>> careless/naive person to shoot themselves in the foot, and it would
>> be nice to avoid that - it seems unkind to assume that everyone who
>> wants to help the PRNG is going to be knowledgeable about its inner
>> workings.
>
> This conversation is being reset back 12+ years. *SIGH*. I get the
> distinct impression that I'm starting again from scratch here, and I'm
> not sure that I have either the energy or inclination to do that.
>
> Are you aware of Yarrow's approach to poor entropy while harvesting?

Yes. I am _only_ talking about fixes for the current practice of
discarding input - once Yarrow gets to eat input, then it's all fine,
but as you say, you don't want to run Yarrow over all input because it
is too expensive.

So, you plan to xor input with itself, instead of discarding if it
fills the buffer. My point is that unfortunate choice of input can
result in the input cancelling itself out.

This is not part of Yarrow - Yarrow specifies that you hash all
inputs, not xor or discard them :-)
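The cancellation risk described in this message, shown as a small added model (this is illustrative code written for this page, not FreeBSD's harvesting code or anything posted in the thread). `xor_fold_harvest` stands in for the "xor new input onto the full buffer" policy, `hash_accumulate` for the Yarrow-style "hash every input" policy; the buffer length and the sample stream are constructed assumptions:

```python
import hashlib

BUF_LEN = 8  # constructed: a tiny harvest buffer so the effect is easy to see


def xor_fold_harvest(samples, buf_len=BUF_LEN):
    """Model of 'xor new input into the buffer once it is full'.

    The first buf_len samples fill the buffer; every later sample is XORed
    onto the slot it would otherwise have overwritten. Illustrative model
    only, not FreeBSD's code.
    """
    buf = bytearray(buf_len)
    for i, s in enumerate(samples):
        buf[i % buf_len] ^= s
    return bytes(buf)


def hash_accumulate(samples):
    """Model of the Yarrow-style policy: every sample goes through a hash."""
    h = hashlib.sha256()
    h.update(bytes(samples))
    return h.digest()


def is_cancelled(buf):
    """True when the harvested state carries nothing at all (all zero)."""
    return all(b == 0 for b in buf)


# Constructed sample stream: a period-8 pattern, as a periodic interrupt
# source might produce, whose period divides the buffer length.
PATTERN = bytes([0x3C, 0xA5, 0x17, 0xE2, 0x09, 0x7B, 0xD4, 0x68])
PERIODIC_EVEN = PATTERN * 4   # 32 samples: each slot sees its byte 4 times
PERIODIC_ODD = PATTERN * 3    # 24 samples: each slot sees its byte 3 times


def compare_policies(samples):
    """Harvest the same stream under both policies and report the outcome."""
    folded = xor_fold_harvest(samples)
    hashed = hash_accumulate(samples)
    return {
        "xor_state": folded.hex(),
        "xor_cancelled": is_cancelled(folded),
        "hash_state": hashed.hex(),
        "hash_cancelled": is_cancelled(hashed),
    }


if __name__ == "__main__":
    # With an even repeat count every slot XORs to zero: all input is lost,
    # and the buffer is indistinguishable from one that saw no input.
    print("even repeats:", compare_policies(PERIODIC_EVEN))
    # With an odd count the buffer holds exactly one copy of the pattern,
    # no more than the first eight samples already gave it.
    print("odd repeats: ", compare_policies(PERIODIC_ODD))
    # The simplest case: one value fed twice into a one-slot buffer.
    print("pair into 1-byte buffer:", xor_fold_harvest([0x5A, 0x5A], 1).hex())
```

Under the hash policy the two streams produce different, non-zero states, so the count of samples and their order still influence the result; under the XOR policy the even stream cancels to all zeros, and the odd stream is no better than the first eight samples alone. The point is not that real interrupt timings are exactly periodic, but that the XOR policy's output depends on the input satisfying an assumption the harvester cannot check, whereas the hash policy makes no such assumption.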



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG5KPzym9ahG5B6-9JyzWJ-PRy43u1dAuk%2B6185mvxKOpJkr7g>