svn commit: r239569 - head/etc/rc.d
RW
rwmaillists at googlemail.com
Tue Sep 11 19:53:09 UTC 2012
On Tue, 11 Sep 2012 13:28:51 +0200
Dag-Erling Smørgrav wrote:
> Doug Barton <dougb at FreeBSD.org> writes:
> > 1. Pseudo-randomize the order in which we utilize the files in
> > /var/db/entropy
>
> There's no need for randomization if we make sure that *all* the data
> written to /dev/random is used, rather than just the first 4096 bytes;
> or that we reduce the amount of data to 4096 bytes before we write it
> so none of it is discarded. My gut feeling is that compression is
> better than hashing for that purpose,
It's analogous to a passphrase, have you ever heard of a
passphrase being compressed rather than hashed?
The only good reason for compression is if compression+hashing is
faster than hashing, and that sounds unlikely.
You all seem to be making very heavy weather of this - all that's needed
is to pass the low-grade stuff through a hash of your choice and then
follow that with the entropy file to fill-up the remaining 4k.
More information about the freebsd-security
mailing list