Re: [PATCH RFC] Disable save-entropy in jails

Board: FB_security, posted 2013/12/26 03:01
On Tue, 24 Dec 2013 16:04:53 -0800 Xin Li wrote:

> When reading from /dev/random, one essentially consumes entropy that
> is fed into the random device, and eventually it would cause a reseed.

Reads don't trigger reseeds in Yarrow. And both Yarrow and Fortuna are designed so this isn't a problem. In any case reads that aren't under the control of an unprivileged attacker make it harder to perform a state-extension attack, not easier.

This kind of thing shouldn't be an issue for any non-blocking random device that isn't quite badly broken. If it were, it would be better to fix the device.
Article ID (AID): #1Ikojkzm (FB_security)