Date: Mon, 30 Oct 2000 21:06:38 +0900 From: "Daniel C. Sobral" <dcs@newsguy.com> To: Warner Losh <imp@village.org> Cc: Jesper Skriver <jesper@skriver.dk>, Mark Murray <mark@grondar.za>, "John W. De Boskey" <jwd@FreeBSD.org>, "Jordan K. Hubbard" <jkh@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc rc Message-ID: <39FD644E.E5FC93A8@newsguy.com> References: <20001024124057.A4309@skriver.dk> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <20001023081548.A41843@bsdwins.com> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <200010232321.RAA11268@harmony.village.org> <200010241256.GAA15067@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh wrote: > > In message <20001024124057.A4309@skriver.dk> Jesper Skriver writes: > : On Mon, Oct 23, 2000 at 05:21:49PM -0600, Warner Losh wrote: > : I have a idea, what about updating /entropy from cron every hour or so, > : then if the box goes down hard for some reason, we'll have a entropy > : file anyway ... > > This is bad because it exposes the state, the current state, of the > yarrow random engine to the world. It is too insecure, imho, to do on > a regular basis. I had this same idea at bsdcon and this was pointed > out. This file shouldn't be readable by anyone but root. And, imo, if root was compromised, having a weak random is the least of your problems. Actually, though, I think writing it every hour is silly. Write it once, at the end of the rc. Put it in background, so it won't stop anything else. There's no need to write it over and over and over, if it _is_ entropy. -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org capo@world.wide.bsdconspiracy.net He has been convicted of criminal possession of a clue with intent to distribute. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39FD644E.E5FC93A8>