From owner-freebsd-questions@FreeBSD.ORG Tue Mar 1 09:27:47 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1443C16A4CE for ; Tue, 1 Mar 2005 09:27:47 +0000 (GMT) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.199.47.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id ADBC743D49 for ; Tue, 1 Mar 2005 09:27:46 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 59992512A7; Tue, 1 Mar 2005 01:27:45 -0800 (PST) Date: Tue, 1 Mar 2005 01:27:45 -0800 From: Kris Kennaway To: Ted Mittelstaedt Message-ID: <20050301092745.GA95093@xor.obsecurity.org> References: <20050228200706.GA70059@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i cc: Rob cc: FreeBSD questions cc: Kris Kennaway Subject: Re: /dev/io , /dev/mem : only used by Xorg? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Mar 2005 09:27:47 -0000 --pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 01, 2005 at 12:02:51AM -0800, Ted Mittelstaedt wrote: > owner-freebsd-questions@freebsd.org wrote: > > On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote: > > > >> Actually, recompiling openssl to use a prng daemon instead of the > >> random device will probably improve your ssh security - unless they > >> have greatly improved the entropy generation in the random device in > >> 5.X > > > > Yes. It seems that you really need to learn about FreeBSD 5.x and > > how it differs from 4.x. > > >=20 > Do I hear an echo here? Did you miss the part where I said "UNLESS > they have greatly improved..." >=20 > The description of the "all new" randomizer in FreeBSD 5.X is all very > well but I have not got around to run a test suite against it. So > until such time as I do, I am not going to assume that it really is > better. There's a big gap between implementation and architecture. >=20 > As I only care to make my stuff crackable by 500 clustered supercomputers > working for 1 year, instead of 2000 supercomputers working for 100 years, > I really and truly have had better things to do than test the new > randomizer. I presume that you are in the same boat Ken, as you have > not admitted to testing it either. If this is the case, perhaps the > wise thing to do would be to actually test it, rather than just taking > the word of the manpage in 5.x that it is better? Eh? Who's Ken? And yes, I've tested it. So has Mark, and Bruce Schneier, who wrote the algorithm. Kris --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCJDWQWry0BWjoQKURAjDFAJ0e3lCrqW+2y4T20VbbmH8r/G8+AgCgjeCc a35i6G6Nh4Pf1fu+Nn7qGv8= =2J4J -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/--