From: "Daniel C. Sobral"
Date: Mon, 30 Oct 2000 21:06:38 +0900
To: Warner Losh
Cc: Jesper Skriver, Mark Murray, "John W. De Boskey", "Jordan K. Hubbard", cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc rc

Warner Losh wrote:
>
> In message <20001024124057.A4309@skriver.dk> Jesper Skriver writes:
> : On Mon, Oct 23, 2000 at 05:21:49PM -0600, Warner Losh wrote:
> : I have an idea, what about updating /entropy from cron every hour or so,
> : then if the box goes down hard for some reason, we'll have an entropy
> : file anyway ...
>
> This is bad because it exposes the state, the current state, of the
> yarrow random engine to the world. It is too insecure, imho, to do on
> a regular basis. I had this same idea at bsdcon and this was pointed
> out.

This file shouldn't be readable by anyone but root. And, imo, if root
was compromised, having a weak random is the least of your problems.

Actually, though, I think writing it every hour is silly. Write it once,
at the end of the rc. Put it in background, so it won't stop anything
else. There's no need to write it over and over and over, if it _is_
entropy.

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@world.wide.bsdconspiracy.net

He has been convicted of criminal possession of a clue with intent to
distribute.
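
An added example, not part of the original message and not FreeBSD's rc code: one way to write the seed file once, in the background, so that it is never readable by anyone but its owner. The function names `save_entropy` and `seed_mode`, the `/dev/random` source and the 4096-byte size are assumptions; `/entropy` is the path named in the thread.

```shell
#!/bin/sh
# Added example (assumptions: function names, source device, seed size).

# save_entropy SRC DEST [BYTES]
# Copy up to BYTES from SRC into DEST. The data is written to a private
# temp file first and renamed into place, so DEST is never world-readable
# (not even briefly) and a crash mid-write cannot leave a truncated seed.
save_entropy() {
    src=$1 dest=$2 bytes=${3:-4096}
    dir=$(dirname "$dest")
    (
        umask 077                       # anything created here is owner-only
        tmp=$(mktemp "$dir/.entropy.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT        # no stray copies of generator state
        dd if="$src" of="$tmp" bs="$bytes" count=1 2>/dev/null || exit 1
        [ -s "$tmp" ] || exit 1         # refuse to install an empty seed
        chmod 600 "$tmp"                # explicit, independent of umask
        mv -f "$tmp" "$dest"            # atomic replace on one filesystem
    )
}

# seed_mode FILE: print the octal permission bits (GNU stat, then BSD stat).
seed_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# At the very end of rc, run once and do not block the rest of boot.
# rc runs as root, so the resulting file is root-owned, mode 0600:
#
#   save_entropy /dev/random /entropy 4096 &
```

Because the file is replaced by rename, an older seed that was accidentally left world-readable is also corrected on the next write.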