On Tue, 11 Sep 2012 13:54:41 -0700 Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 >=20 > On 09/11/12 12:53, RW wrote: > > On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Sm=F8rgrav wrote: > >=20 > >> Doug Barton <dougb@FreeBSD.org> writes: > >>> 1. Pseudo-randomize the order in which we utilize the files in=20 > >>> /var/db/entropy > >>=20 > >> There's no need for randomization if we make sure that *all* the > >> data written to /dev/random is used, rather than just the first > >> 4096 bytes; or that we reduce the amount of data to 4096 bytes > >> before we write it so none of it is discarded. My gut feeling is > >> that compression is better than hashing for that purpose, > >=20 > > It's analogous to a passphrase, have you ever heard of a passphrase > > being compressed rather than hashed? >=20 > Passphrase hashing is a completely different topic, as what we wanted > is a one-way function that can not be easily reversed, even when part > of the passphrase is known. I was refering to the conversion of a passphrase to key material=20 _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"