Date: Tue, 4 Sep 2012 01:46:21 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <20120904014621.3f173513@gumby.homeunix.com> In-Reply-To: <20120903203505.GN1464@x96.org> References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903171538.GM1464@x96.org> <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Sep 2012 13:35:05 -0700 Arthur Mesh wrote: > You could be correct about Yarrow, but the Bruce Schneier explicitly > recommends to recycle already used seed with a new one. Reference is > provided in the code. I think this is basically sound, but bear in mind that the yarrow kernel thread, which processes the entropy buffers into yarrow, loops with a 100 ms pause. You have to allow enough time for that delay and additional time for the queues to be drained and the yarrow reseed; otherwise you are discarding the entropy (assuming you haven't already done that by saturating the buffers with sysctl -a).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120904014621.3f173513>