rc.d/postrandom
Ben Laurie
benl at freebsd.org
Mon Sep 24 17:47:10 UTC 2012
On Mon, Sep 24, 2012 at 10:15 AM, Dag-Erling Smørgrav <des at des.no> wrote:
> Doug Barton <dougb at FreeBSD.org> writes:
>> If you disagree with what this script is doing, please speak up.
>
> Do you mean initrandom? I dislike it only slightly less now than I did
> before. I hope Pawel's patch works out so we can nuke it.\
He means postrandom. Which deletes all saved entropy because of fear
of replay attacks.
IMO, this doesn't make much sense - if you don't have sufficient fresh
entropy to mix into the pool, then deleting your saved entropy makes
you more vulnerable, not less. And if you do, you're not vulnerable
anyway.
So, I'm with Dough on this one.
More information about the freebsd-security
mailing list