On Sun, 02 Sep 2012 15:20:31 -0700 Doug Barton wrote: > On 08/22/2012 11:43, David E. O'Brien wrote: > > Author: obrien > > Date: Wed Aug 22 18:43:21 2012 > > New Revision: 239569 > > URL: http://svn.freebsd.org/changeset/base/239569 > > > > Log: > > Remove old entropy seeding after consumption > > initializing /dev/random PRNG. Not doing so opens us up to replay > > attacks. > > I object to this change, and would like to see it discussed more. No entropy file is effectively equivalent to a known file and anything is better than that. Simply writing out a new version of /entropy would be better. The more significant problem is that initrandom dumps some very low-grade entropy into /dev/random before the entropy file (see below). Since /dev/random has very limited buffering, and processes the buffers in a timed loop, it's almost certain that the first entropy file is completely discarded. IMO the order should be reversed or the low-grade stuff should be piped through sha256. # XXX temporary until we can improve the entropy # harvesting rate. # Entropy below is not great, but better than nothing. # This unblocks the generator at startup ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \ | dd of=/dev/random bs=8k 2>/dev/null cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null # First pass at reseeding /dev/random. # case ${entropy_file} in [Nn][Oo] | '') ;; *) if [ -w /dev/random ]; then feed_dev_random "${entropy_file}" fi ;; esac _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"