Date: Sun, 27 Aug 2000 22:37:03 +0200 From: Mark Murray <mark@grondar.za> To: Adam Back <adam@cypherspace.org> Cc: current@FreeBSD.ORG, kris@FreeBSD.ORG, jeroen@vangelderen.org Subject: Re: yarrow & /dev/random Message-ID: <200008272037.e7RKb3p29908@grimreaper.grondar.za> In-Reply-To: <200008271611.LAA07481@cypherspace.org> ; from Adam Back <adam@cypherspace.org> "Sun, 27 Aug 2000 11:11:55 EST." References: <200008271611.LAA07481@cypherspace.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > That works with what I already have: cat $privatekey > /dev/random :-) > > Yes. But the /dev/random device is traditionally crw-r--r-- which > means user processes can't write to it. So you'd have to be root to > do that. I go one further; at close, I do an explicit reseed, and I make sure that it is root doing the writing. > What could be done for yarrow is to change the device permissions to > crw-rw-rw- and mix into a shared user source and set k_of_n_thresh so > that the user can only trigger fast reseeds, and consider slow reseed > de-skewing function output for blocking /dev/random; or just add user > input with an entropy estimate of 0 so they can't affect reseeding, > and draw fast reseed de-skewing function output for block /dev/random > (slow output may be too slow). The estimate for "user" (really root) input is currently 0, except that I tie it to explicit (fast) reseeds. It shouldn't be a problem to tie it to a trickle-feed, and allow that to do fast-only reseeds after considerable lengths of time. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008272037.e7RKb3p29908>