Date: Wed, 9 Aug 2006 08:11:06 -0700 (PDT)
From: "R. B. Riddick"
To: Brooks Davis
Cc: freebsd-security@freebsd.org, Doug Barton
Subject: Re: seeding dev/random in 5.5
Message-ID: <20060809151107.65080.qmail@web30314.mail.mud.yahoo.com>
In-Reply-To: <20060809130842.GA7832@lor.one-eyed-alien.net>

--- Brooks Davis wrote:
> On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> These are valid if probably overly paranoid points. :)
>
Hmm... Oki Doke...
But why use ssh, if u do not really care, if u connect to the right host? Maybe the postmen know telecom-men? ;-)

> > * But what if the postman (see first point) know already the host-key from
> > reading the CD? Then he could log in to ur boxes...
>
> This isn't true. The host key lets you impersonate the host. It
> does not do anything related to log in (unless you use host based
> auth).
>
Ooch! I wrote something wrong. :-)
Most likely I meant:
If the postman knows the secret part of the host-key, his host could still pretend to be the real host...

-Arne