svn commit: r239569 - head/etc/rc.d
RW
rwmaillists at googlemail.com
Sat Sep 15 01:58:27 UTC 2012
On Fri, 14 Sep 2012 22:49:14 +0100
Mark Murray wrote:
> If not, then whatever you run instead must also be sound. XOR isn't.
>
> You have a way to go before you convince me on this one. I'll buy this
> argument if it is a routine/regular/risky ocurrence that the output
> of (say)
>
> $ ( ps -gauxwww ; netstat -arn ; sysctl -ao ) | gzip | ...
>
> ... can be demonstrated to have insignificant entropy when harvested
> using my proposed method. BTW - you may want to actually see the
> method.
The fastest compression setting on gzip is five times slower than
sha256 and doesn't actually solve any specific problem.
So far no one has come up with a single cogent argument for
compression. If you replace compression with hashing then the need
modifying the kernel code is eliminated.
More information about the freebsd-security
mailing list