From: Arthur Mesh
Date: Thu, 6 Sep 2012 15:47:03 -0700
To: RW
Cc: freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Doug Barton
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120906224703.GD89120@x96.org>
In-Reply-To: <20120906230157.5307a21f@gumby.homeunix.com>

On Thu, Sep 06, 2012 at 11:01:57PM +0100, RW wrote:
> Reusing a secure entropy file is only a problem if the complete history
> of yarrow, from boot until some significant output, is exactly the same
> as on a previous boot.

Not sure I agree. It's not the only problem. It's the worst problem; in
the situation you describe, you'll end up with identical output from
/dev/random.

> Once something changes you get a completely
> different sequence of yarrow cipher-keys; a counter or writing out
> a new entropy file will both do this, but OTOH so will any difference in
> harvested entropy such as a sub-nanosecond difference in timing.

You're correct. Are you arguing that we shouldn't recycle /entropy after
it's used? If so, why are you okay with making life easier for active
attackers?
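
The behaviour discussed in this message, as an added example that is not part of the original message or of FreeBSD's code: two simulated boots from the same saved entropy file, comparing reuse, a boot counter, and recycling the file after use. `ToyPool` is a toy SHA-256 hash chain standing in for Yarrow (an assumption), and `boot`, `two_boots` and the sample seed are constructed for illustration.

```python
import hashlib

SEED = bytes(range(32))  # constructed sample contents of a saved entropy file


class ToyPool:
    """Deterministic hash-chain generator; a stand-in for illustration, not Yarrow."""

    def __init__(self):
        self.state = bytes(32)

    def feed(self, data: bytes) -> None:
        # Mix input into the state; same inputs in the same order give the same state.
        self.state = hashlib.sha256(self.state + data).digest()

    def read(self, n: int) -> bytes:
        out, block = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.state + block.to_bytes(4, "big")).digest()
            block += 1
        self.feed(b"after-read")  # advance so successive reads differ
        return out[:n]


def boot(disk: dict, mode: str = "reuse", harvested: bytes = b"") -> bytes:
    """Simulate one boot and return the first 16 bytes the generator hands out.

    disk holds 'entropy' (the saved file) and 'boots' (a persistent counter).
    mode: 'reuse' leaves the file alone, 'counter' also feeds the boot counter,
    'recycle' overwrites the file with fresh generator output right after use.
    """
    pool = ToyPool()
    pool.feed(disk["entropy"])
    pool.feed(harvested)  # whatever was harvested before the first read
    if mode == "counter":
        disk["boots"] += 1
        pool.feed(disk["boots"].to_bytes(8, "big"))
    elif mode == "recycle":
        disk["entropy"] = pool.read(32)
    return pool.read(16)


def two_boots(mode: str, second_harvest: bytes = b"") -> tuple:
    """Boot twice from the same disk; only the second boot's harvest may differ."""
    disk = {"entropy": SEED, "boots": 0}
    return boot(disk, mode), boot(disk, mode, second_harvest)
```

Only the plain `reuse` case with identical harvested input repeats its output; the counter and recycle modes diverge without depending on any difference in harvested input.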