From owner-freebsd-questions@FreeBSD.ORG  Mon Sep 17 13:50:39 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 90F9316A418
	for <freebsd-questions@freebsd.org>;
	Mon, 17 Sep 2007 13:50:39 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl
	[IPv6:2001:4070:101:2::1])
	by mx1.freebsd.org (Postfix) with ESMTP id E003813C467
	for <freebsd-questions@freebsd.org>;
	Mon, 17 Sep 2007 13:50:38 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (localhost [IPv6:::1])
	by wojtek.tensor.gdynia.pl (8.13.8/8.13.8) with ESMTP id l8HDoX3U074321;
	Mon, 17 Sep 2007 15:50:33 +0200 (CEST)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from localhost (wojtek@localhost)
	by wojtek.tensor.gdynia.pl (8.13.8/8.13.8/Submit) with ESMTP id
	l8HDoXJ7074318; Mon, 17 Sep 2007 15:50:33 +0200 (CEST)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Date: Mon, 17 Sep 2007 15:50:33 +0200 (CEST)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: RW <fbsd06@mlists.homeunix.com>
In-Reply-To: <20070917032422.33361b0a@gumby.homeunix.com.>
Message-ID: <20070917154845.F74117@wojtek.tensor.gdynia.pl>
References: <20070913153630.GA9448@slackbox.xs4all.nl>
	<200709161521.39955.fbsd.questions@rachie.is-a-geek.net>
	<20070916215550.65e09a71@gumby.homeunix.com.>
	<200709162351.58692.fbsd.questions@rachie.is-a-geek.net>
	<20070917032422.33361b0a@gumby.homeunix.com.>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-questions@freebsd.org
Subject: Re: /dev/random question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Sep 2007 13:50:39 -0000


> same Yarrow pseudo-random sequence. If enough of the random data
> survives at the end of the dvd it may allow an attack against the PRNG.
>
> As things stand, Yarrow is secure, but it might not be a few years from
> now.
>
always humans make most of security problems, not programs.

if you need more security simply modify random generation code. even if it 
will be worse after your modification, it will be unique, and unknown to 
attackers. and that's the best protection