From owner-freebsd-rc@FreeBSD.ORG Tue Sep 4 22:08:08 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51632106566B; Tue, 4 Sep 2012 22:08:08 +0000 (UTC) (envelope-from peter@rulingia.com) Received: from vps.rulingia.com (host-122-100-2-194.octopus.com.au [122.100.2.194]) by mx1.freebsd.org (Postfix) with ESMTP id B8F3A8FC18; Tue, 4 Sep 2012 22:08:06 +0000 (UTC) Received: from server.rulingia.com (c220-239-249-137.belrs5.nsw.optusnet.com.au [220.239.249.137]) by vps.rulingia.com (8.14.5/8.14.5) with ESMTP id q84M7x7F049462 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 5 Sep 2012 08:07:59 +1000 (EST) (envelope-from peter@rulingia.com) X-Bogosity: Ham, spamicity=0.000000 Received: from server.rulingia.com (localhost.rulingia.com [127.0.0.1]) by server.rulingia.com (8.14.5/8.14.5) with ESMTP id q84M7sRQ003918 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 5 Sep 2012 08:07:54 +1000 (EST) (envelope-from peter@server.rulingia.com) Received: (from peter@localhost) by server.rulingia.com (8.14.5/8.14.5/Submit) id q84M7soT003917; Wed, 5 Sep 2012 08:07:54 +1000 (EST) (envelope-from peter) Date: Wed, 5 Sep 2012 08:07:54 +1000 From: Peter Jeremy To: Doug Barton Message-ID: <20120904220754.GA3643@server.rulingia.com> References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903171538.GM1464@x96.org> <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP" Content-Disposition: inline In-Reply-To: <50453686.9090100@FreeBSD.org> X-PGP-Key: http://www.rulingia.com/keys/peter.pgp User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org, freebsd-rc@freebsd.org Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Sep 2012 22:08:08 -0000 --jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-Sep-03 16:00:22 -0700, Doug Barton wrote: >The static files are provided as a means to stir the pool to unblock the >device at boot time. As far as I can tell, this is no longer required. Both the Yarrow and Nehemiah Padlock generators initialise to "seeded" and there is no provision (other than sysctl) to "unseed" them. Yarrow will begin collecting entropy as soon as the random device receives a MOD_LOAD event during kernel startup. >Ummm ... I think you have the logic backwards on this. :) We have a >system, designed with fairly thorough knowledge of how Yarrow works, and >taking all possible scenarios into account. It's stood the test of time >for many years now. Has anyone actually done a security analysis of our random(4)? >What if, instead of replacing /entropy, we add an additional file in >/var/db/entropy at boot time that is numerically 1 higher than >$entropy_save_num ? That sounds like a reasonable idea. > (Note, I have to fix the rotation script to account >for this, but I have had "improve the rotation script" on my TODO list >for a long time now, and this is a good excuse for me to get a round >'tuit.) You might like to look at kern/134225 (which is misfiled, sorry). --=20 Peter Jeremy --jRHKVT23PllUwdXP Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBGe7oACgkQ/opHv/APuIepJQCdFrWX4g0KN1ToSckiakYuInVl PLcAn2Sn0L2/3EBqPiRw8Hs1U7EdcJdy =G90S -----END PGP SIGNATURE----- --jRHKVT23PllUwdXP--