On Thu, Sep 06, 2012 at 01:03:25PM -0700, David O'Brien (@FreeBSD) wrote: > I already said an attacker could have a local login on the system. > That would give them full knowledge of the kenv output. > Same attacker can figure out the 'date' output from uptime, etc... Note that this flies somewhat in the face of my argument for 'postrandom' based on Schneier's writings on deleting the seed file after it used. Please remember this is for better_than_nothing(). I like Arthur's patch that avoids calling better_than_nothing() if we feed_dev_random() with ${entropy_file}. -- -- David (obrien@FreeBSD.org) _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"