-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/11/12 16:01, David O'Brien wrote: > On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote: >> On 09/11/12 14:52, David O'Brien wrote: >>> On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote: >>>> Hmm, but this sha256 run will turn the output to 65 bytes >>>> (hex representation of 256 bits of hash output, 64 bytes, and >>>> one \n), so, only 256 bits of random data, is that >>>> intentional? > ... >>> You suggested gzip, but I just don't know enough about >>> compression algorithms as they apply in this area to know if we >>> should use gzip instead or not. >> >> I don't think I know enough here, unfortunately... > > Since I cannot justify using gzip, I'm keeping the sha256 in my > patch. I am not opposed to someone else changing that to gzip. Please consider using sha512... I'm not quite convinced that this works by the way -- is 65 bytes enough to "kickstart" /dev/random? Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJQT8ewAAoJEG80Jeu8UPuzBSUIAK1nOAAkEcU+FcnGiCtebxqz ja4UbAGlr2rVItnEIqKG/juVMqb1ziIMGpn2M87C34Z7Go/VVcbfqVc1Gvr+PZgg U5Gm+O02Xy+mUJUBiYOrOWR2giIn32InCMMAdpDIL1N0q1YS/LXOtJPuvI70mb1T SZ9KReDJUIhmRVxuhbiRlFgw/zFSatnDArcCCxLx99JK9BvYj85Q/0OdOIQhaZmu IM1fLtI2HffIRpiJ+oIFuJMudEbZYJU6JX2/LWo3Ns3XTqCNSvhk5TmIyvAhKIVK CFLQOgrfHig3e1ir7TNGc/XmWrPUog1lKtAW3icWgnN39zkpIU16VOq2tq3CrCw= =loAC -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"