Re: svn commit: r239569 - head/etc/rc.d
On Thu, Sep 06, 2012 at 11:01:57PM +0100, RW wrote:
> Reusing a secure entropy file is only a problem if the complete history
> of yarrow, from boot until some significant output, is exactly the same
> as on a previous boot.
Not sure I agree. It's not the only problem. It's the worst problem;
in the situation you describe, you'll end up with identical output from
/dev/random.
> Once something changes you get a completely
> different sequence of yarrow cipher-keys; a counter or writing out
> a new entropy file will both do this, but OTOH so will any difference in
> harvested entropy such a sub-nanosecond difference in timing.
You're correct. Are you arguing that we shouldn't recycle /entropy after
it's used? If so, why are you okay with making life easier for active
attackers?
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 41 之 145 篇):