svn commit: r239569 - head/etc/rc.d
Arthur Mesh
arthurmesh at gmail.com
Thu Sep 6 22:47:10 UTC 2012
On Thu, Sep 06, 2012 at 11:01:57PM +0100, RW wrote:
> Reusing a secure entropy file is only a problem if the complete history
> of yarrow, from boot until some significant output, is exactly the same
> as on a previous boot.
Not sure I agree. It's not the only problem. It's the worst problem;
in the situation you describe, you'll end up with identical output from
/dev/random.
> Once something changes you get a completely
> different sequence of yarrow cipher-keys; a counter or writing out
> a new entropy file will both do this, but OTOH so will any difference in
> harvested entropy such a sub-nanosecond difference in timing.
You're correct. Are you arguing that we shouldn't recycle /entropy after
it's used? If so, why are you okay with making life easier for active
attackers?
More information about the freebsd-rc
mailing list