Ben Laurie <benl@freebsd.org> writes: > He means postrandom. Which deletes all saved entropy because of fear > of replay attacks. > > IMO, this doesn't make much sense - if you don't have sufficient fresh > entropy to mix into the pool, then deleting your saved entropy makes > you more vulnerable, not less. And if you do, you're not vulnerable > anyway. If the stored entropy is known to the attacker, you are mixing known data into the pool, which Yarrow is designed to withstand. You are no worse off than before. If both the current state of Yarrow and the stored entropy are known to the attacker, you are no worse off than before - you are equally screwed whether you use the stored entropy or not. If the current state of Yarrow is known to the attacker but the stored entropy isn't, you are better off with it than without it. Therefore, the stored entropy should only be deleted when we have something to replace it with. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"