svn commit: r239569 - head/etc/rc.d
Xin Li
delphij at delphij.net
Sat Sep 15 03:39:28 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 9/14/12 7:18 PM, Samuel Ports wrote:
> Omg cant an freebsd-entropy be created as mailing list already
Nothing prevents you from unsubscribing this mailing list.
> Sent from my iPhone
>
> On Sep 14, 2012, at 8:09 PM, RW <rwmaillists at googlemail.com>
> wrote:
>
>> On Fri, 14 Sep 2012 17:25:59 +0100 Ben Laurie wrote:
>>
>>> On Fri, Sep 14, 2012 at 3:46 PM, RW
>>> <rwmaillists at googlemail.com> wrote:
>>>> On Fri, 14 Sep 2012 14:43:53 +0100 Ben Laurie wrote:
>>>>
>>>>> On Fri, Sep 14, 2012 at 2:38 PM, Bjoern A. Zeeb
>>>>> <bz at freebsd.org> wrote:
>>>>>> 7) send all data to the kernel and hash (arch dependent?)
>>>>>> it + counter value into the buffer on overflow, as in
>>>>>> b[n] = H(b[n] + c + i[n]) in the kernel (can control when
>>>>>> buffer full and only then take action when needed,
>>>>>> indepedent on how seed data is chosen, uses standard
>>>>>> technology)
>>>>>
>>>>> IMO, this is the only good option.
>>>>
>>>> No it isn't. I means that the hashing is unconditional, so
>>>> anyone that needs a faster boot needs to patch the kernel.
>>>
>>> Has anyone measured the cost of doing this? Also, if you really
>>> want to turn it off, we could provide a flag.
>>
>> Yes, read the thread.
>>
>>>> It has no advantage whatsoever over a minor change to
>>>> initrandom.
>>>
>>> It absolutely has. It applies to all inputs to /dev/random, not
>>> just those that come from initrandom.
>>
>> If the rc script are written correctly it shouldn't matter, there
>> no need to write to /dev/random after the boot - it wont do
>> anything useful.
>>
>> It has no advantage over hashing the low-grade entropy in
>> userland which is is just couple of lines difference in a shell
>> script.
>>
>>> Also, should something get to write to it before initrandom,
>>> initrandom's input would still be used.
>>
>> There's no reason to do that, so why do you think it matter?
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security To
>> unsubscribe, send any mail to
>> "freebsd-security-unsubscribe at freebsd.org"
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security To
> unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
iQEcBAEBCAAGBQJQU/hvAAoJEG80Jeu8UPuzW0sIAIzWmkzVABPNjBEJB5LCKUF2
bhBC2Aapmr5mbxJOqON9j/XCccfcp97iZaQrdOwa7wTOe/7NNZgqDOr6Go2mcQNv
SBkhPdi9CoQaAYUoZ65kn9L3UHODbZzDke7jC7LaDxK0tBUl2r+rnaNuwswSxlCU
ZsyklowaaHvV9QOVzi1Th/4CrpBocjLjFheziI7reMpQA09+3aMZgVX2hJyU/pY7
l1dB8ymMha4mJ5hYx+j3ZZw40biS9mtHtT+TC4GogQycupkKwxH5jnZGW27/PkY/
ei54JvXCFzHtsyqh61M41Eo1YYo4zMpGphStOFZUYkdaYYz9Js1Qo/5b70/KRYQ=
=KuMx
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list