On Mon, 3 Sep 2012 00:57:08 +0100 RW wrote: > On Sun, 02 Sep 2012 15:20:31 -0700 > Doug Barton wrote: > > > On 08/22/2012 11:43, David E. O'Brien wrote: > > > Author: obrien > > > Date: Wed Aug 22 18:43:21 2012 > > > New Revision: 239569 > > > URL: http://svn.freebsd.org/changeset/base/239569 > > > > > > Log: > > > Remove old entropy seeding after consumption > > > initializing /dev/random PRNG. Not doing so opens us up to replay > > > attacks. > > > > I object to this change, and would like to see it discussed more. > > > No entropy file is effectively equivalent to a known file and anything > is better than that. Simply writing out a new version of /entropy > would be better. > > > The more significant problem is that initrandom dumps some very > low-grade entropy into /dev/random before the entropy file (see > below). Since /dev/random has very limited buffering, and processes > the buffers in a timed loop, it's almost certain that the first > entropy file is completely discarded. IMO the order should be > reversed or the low-grade stuff should be piped through sha256.
I see that in CURRENT the order is reversed, but it's still repeating the same problem of saturating the buffers. Now most of of the low-grade entropy is going to be lost include the date, which in almost all cases would have eliminated any problem with a reused entropy file. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
