On Fri, Sep 14, 2012 at 9:15 PM, Mark Murray <ma...@freebsd.org> wrote: > Ben Laurie writes: >> What I am trying to do is extract whatever entropy there is in the >> input. You appear to be saying that there's no point adding extra >> entropy because it is estimated at zero. This makes no sense to me. > > What I am trying to say is that it doesn't matter if by some coincidence > certain harvested file fragments contain zero. Furthermore, it doesn't > matter if you feed /dev/random a whole bunch of zeros (except in the > case where that swamps out other harvested events, and it is that > problem we are trying to solve, amonmgst others).
I agree with this. > My proposed solution is intended so address, if not solve that problem, > by preventing file writes from filling up the harvest queue. Yarrow > already has pretty good data hashing; there is no point in duplicating > that. Fine: then when the queue fills, run the Yarrow algorithm. If not, then whatever you run instead must also be sound. XOR isn't. > Note that I have already agreed that external preconditioning of the > data is a good idea; I like the idea of compression and some external > hashing (but not the speed of these duting boot). I don't, because you can't rely on it. That is, I'm not against it, but we can't rely on it. > Others may work, but > ultimately I trust Yarrow more. > > M > -- > Mark R V Murray > Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) > Pi: 132511160 > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
