Date: Tue, 4 Sep 2012 01:46:21 +0100
From: RW
To: freebsd-security@freebsd.org
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120904014621.3f173513@gumby.homeunix.com>
In-Reply-To: <20120903203505.GN1464@x96.org>

On Mon, 3 Sep 2012 13:35:05 -0700 Arthur Mesh wrote:

> You could be correct about Yarrow, but the Bruce Schneier explicitly
> recommends to recycle already used seed with a new one. Reference is
> provided in the code.

I think this is basically sound, but bear in mind that the yarrow kernel
thread, which processes the entropy buffers into yarrow, loops with a
100 ms pause. You have to allow enough time for that delay and
additional time for the queues to be drained and the yarrow reseed;
otherwise you are discarding the entropy (assuming you haven't already
done that by saturating the buffers with sysctl -a).
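
The pacing described in the message above, as an added shell sketch that is not code from the commit, from FreeBSD, or from either poster: seed data is written in small pieces with a pause longer than the 100 ms thread loop after each one, followed by a settle delay for the drain and reseed. The function name `feed_paced` and the values of CHUNK, PAUSE and SETTLE are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed illustration; CHUNK, PAUSE and SETTLE are assumed values,
# not taken from FreeBSD or from the commit under discussion.
CHUNK=${CHUNK:-2048}    # bytes per write, assumed small enough not to saturate the buffers
PAUSE=${PAUSE:-0.2}     # seconds between writes: longer than one 100 ms pass of the thread
SETTLE=${SETTLE:-0.5}   # extra seconds for the queues to drain and the reseed to happen

# feed_paced DEST SRC...
# Write each SRC file to DEST in CHUNK-byte pieces, pausing after every piece,
# then wait SETTLE seconds. Sets FED_WRITES to the number of writes made.
feed_paced() {
    dest=$1; shift
    FED_WRITES=0
    for src in "$@"; do
        [ -r "$src" ] || continue             # skip sources that do not exist
        size=$(( $(wc -c < "$src") ))         # arithmetic strips wc's padding
        blk=0
        while [ $(( blk * CHUNK )) -lt "$size" ]; do
            # one bounded write per pass, so a single burst cannot overrun the buffers
            dd if="$src" bs="$CHUNK" skip="$blk" count=1 2>/dev/null >> "$dest" || return 1
            blk=$(( blk + 1 ))
            FED_WRITES=$(( FED_WRITES + 1 ))
            sleep "$PAUSE"                    # give the kernel thread a pass to pick this up
        done
    done
    sleep "$SETTLE"                           # allow for the drain and reseed before the next step
}

# Use in a boot script (the seed path is a placeholder):
#   feed_paced /dev/random /path/to/saved-seed
```
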