svn commit: r239569 - head/etc/rc.d
RW
rwmaillists at googlemail.com
Tue Sep 4 00:46:28 UTC 2012
On Mon, 3 Sep 2012 13:35:05 -0700
Arthur Mesh wrote:
> You could be correct about Yarrow, but the Bruce Schneier explicitly
> recommends to recycle already used seed with a new one. Reference is
> provided in the code.
I think this is basically sound, but bear in mind that the yarrow
kernel thread, which processes the entropy buffers into yarrow, loops
with a 100 ms pause. You have to allow enough time for that delay and
additional time for the queues to be drained and the yarrow reseed;
otherwise you are discarding the entropy (assuming you haven't already
done that by saturating the buffers with sysctl -a).
More information about the freebsd-security
mailing list