svn commit: r239569 - head/etc/rc.d
Ben Laurie
benl at freebsd.org
Fri Sep 14 19:14:26 UTC 2012
On Fri, Sep 14, 2012 at 8:06 PM, Mark Murray <mark at grondar.org> wrote:
> Ben Laurie writes:
>> > I'll send patches (untested) in a couple of hours for discussion.
>>
>> I used to like this idea, but it can break pretty badly if you repeat
>> input, so in the end I decided hashes were the only safe way.
>
> What??! Have you seen how Yarrow does its harvesting??
If you XOR into the as-yet-unharvested buffer, then appropriately
aligned repeated input makes the buffer zero.
>
> Presupposing there is no other source of randomness to get swamped out of the way,
>
> $ cat /dev/zero > /dev/random # pretend that /dev/zero is finite length.
>
> ... is harmless, and actually adds a small bit of perturbation to the entropy.
>
> Please explain how repeating input can "break" things here?
>
> M
> --
> Mark R V Murray
> Pi: 132511160
>
More information about the freebsd-security
mailing list