svn commit: r239569 - head/etc/rc.d
RW
rwmaillists at googlemail.com
Thu Sep 6 22:02:04 UTC 2012
On Thu, 6 Sep 2012 10:42:47 -0700
David O'Brien wrote:
> On Wed, Sep 05, 2012 at 08:07:54AM +1000, Peter Jeremy wrote:
> > >What if, instead of replacing /entropy, we add an additional file
> > >in /var/db/entropy at boot time that is numerically 1 higher than
> > >$entropy_save_num ?
> > That sounds like a reasonable idea.
>
> I don't see what that adds or fixes. It does not correct the
> possible reuse of seed material.
Reusing a secure entropy file is only a problem if the complete history
of yarrow, from boot until some significant output, is exactly the same
as on a previous boot. Once something changes you get a completely
different sequence of yarrow cipher-keys; a counter or writing out
a new entropy file will both do this, but OTOH so will any difference in
harvested entropy such as a sub-nanosecond difference in timing.