閱讀文章 - 看板 FB_security

發信人delphij@delphij.net (Xin Li),

看板FB_security

標題Re: svn commit: r239569 - head/etc/rc.d

發信站The FreeBSD Project (Sat Sep 15 04:39:27 2012)

轉信站ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!.org!ownorg!owner-free

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 9/14/12 7:18 PM, Samuel Ports wrote: > Omg cant an freebsd-entropy be created as mailing list already Nothing prevents you from unsubscribing this mailing list. > Sent from my iPhone > > On Sep 14, 2012, at 8:09 PM, RW <rwmaillists@googlemail.com> > wrote: > >> On Fri, 14 Sep 2012 17:25:59 +0100 Ben Laurie wrote: >> >>> On Fri, Sep 14, 2012 at 3:46 PM, RW >>> <rwmaillists@googlemail.com> wrote: >>>> On Fri, 14 Sep 2012 14:43:53 +0100 Ben Laurie wrote: >>>> >>>>> On Fri, Sep 14, 2012 at 2:38 PM, Bjoern A. Zeeb >>>>> <bz@freebsd.org> wrote: >>>>>> 7) send all data to the kernel and hash (arch dependent?) >>>>>> it + counter value into the buffer on overflow, as in >>>>>> b[n] = H(b[n] + c + i[n]) in the kernel (can control when >>>>>> buffer full and only then take action when needed, >>>>>> indepedent on how seed data is chosen, uses standard >>>>>> technology) >>>>> >>>>> IMO, this is the only good option. >>>> >>>> No it isn't. I means that the hashing is unconditional, so >>>> anyone that needs a faster boot needs to patch the kernel. >>> >>> Has anyone measured the cost of doing this? Also, if you really >>> want to turn it off, we could provide a flag. >> >> Yes, read the thread. >> >>>> It has no advantage whatsoever over a minor change to >>>> initrandom. >>> >>> It absolutely has. It applies to all inputs to /dev/random, not >>> just those that come from initrandom. >> >> If the rc script are written correctly it shouldn't matter, there >> no need to write to /dev/random after the boot - it wont do >> anything useful. >> >> It has no advantage over hashing the low-grade entropy in >> userland which is is just couple of lines difference in a shell >> script. >> >>> Also, should something get to write to it before initrandom, >>> initrandom's input would still be used. >> >> There's no reason to do that, so why do you think it matter? >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security To >> unsubscribe, send any mail to >> "freebsd-security-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security To > unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) iQEcBAEBCAAGBQJQU/hvAAoJEG80Jeu8UPuzW0sIAIzWmkzVABPNjBEJB5LCKUF2 bhBC2Aapmr5mbxJOqON9j/XCccfcp97iZaQrdOwa7wTOe/7NNZgqDOr6Go2mcQNv SBkhPdi9CoQaAYUoZ65kn9L3UHODbZzDke7jC7LaDxK0tBUl2r+rnaNuwswSxlCU ZsyklowaaHvV9QOVzi1Th/4CrpBocjLjFheziI7reMpQA09+3aMZgVX2hJyU/pY7 l1dB8ymMha4mJ5hYx+j3ZZw40biS9mtHtT+TC4GogQycupkKwxH5jnZGW27/PkY/ ei54JvXCFzHtsyqh61M41Eo1YYo4zMpGphStOFZUYkdaYYz9Js1Qo/5b70/KRYQ= =KuMx -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"