Re: svn commit: r239569 - head/etc/rc.d
--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2012-Sep-03 16:00:22 -0700, Doug Barton <dougb@freebsd.org> wrote:
>The static files are provided as a means to stir the pool to unblock the
>device at boot time.
As far as I can tell, this is no longer required. Both the Yarrow and
Nehemiah Padlock generators initialise to "seeded" and there is no
provision (other than sysctl) to "unseed" them. Yarrow will begin
collecting entropy as soon as the random device receives a MOD_LOAD
event during kernel startup.
>Ummm ... I think you have the logic backwards on this. :) We have a
>system, designed with fairly thorough knowledge of how Yarrow works, and
>taking all possible scenarios into account. It's stood the test of time
>for many years now.
Has anyone actually done a security analysis of our random(4)?
>What if, instead of replacing /entropy, we add an additional file in
>/var/db/entropy at boot time that is numerically 1 higher than
>$entropy_save_num ?
That sounds like a reasonable idea.
> (Note, I have to fix the rotation script to account
>for this, but I have had "improve the rotation script" on my TODO list
>for a long time now, and this is a good excuse for me to get a round
>'tuit.)
You might like to look at kern/134225 (which is misfiled, sorry).
--=20
Peter Jeremy
--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlBGe7oACgkQ/opHv/APuIepJQCdFrWX4g0KN1ToSckiakYuInVl
PLcAn2Sn0L2/3EBqPiRw8Hs1U7EdcJdy
=G90S
-----END PGP SIGNATURE-----
--jRHKVT23PllUwdXP--
討論串 (同標題文章)
完整討論串 (本文為第 35 之 145 篇):