Re: rc.d/postrandom
Ben Laurie <benl@freebsd.org> writes:
> He means postrandom. Which deletes all saved entropy because of fear
> of replay attacks.
>
> IMO, this doesn't make much sense - if you don't have sufficient fresh
> entropy to mix into the pool, then deleting your saved entropy makes
> you more vulnerable, not less. And if you do, you're not vulnerable
> anyway.
If the stored entropy is known to the attacker, you are mixing known
data into the pool, which Yarrow is designed to withstand. You are no
worse off than before.
If both the current state of Yarrow and the stored entropy are known to
the attacker, you are no worse off than before - you are equally screwed
whether you use the stored entropy or not.
If the current state of Yarrow is known to the attacker but the stored
entropy isn't, you are better off with it than without it.
Therefore, the stored entropy should only be deleted when we have
something to replace it with.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)