Date: Fri, 14 Sep 2012 08:23:17 -0600
From: Ian Lepore <freebsd@damnhippie.dyndns.org>
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc: Arthur Mesh <arthurmesh@gmail.com>, Doug Barton <dougb@FreeBSD.org>, David O'Brien <obrien@FreeBSD.org>, freebsd-security@FreeBSD.org, RW <rwmaillists@googlemail.com>, Mark Murray <markm@FreeBSD.org>
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <1347632597.1110.155.camel@revolution.hippie.lan>
In-Reply-To: <alpine.BSF.2.00.1209141336170.13080@ai.fobar.qr>
References: <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org> <alpine.BSF.2.00.1209131258210.13080@ai.fobar.qr> <alpine.BSF.2.00.1209141336170.13080@ai.fobar.qr>

On Fri, 2012-09-14 at 13:38 +0000, Bjoern A. Zeeb wrote:
> On Thu, 13 Sep 2012, Bjoern A. Zeeb wrote:
>
> Hi,
>
> I have removed freebsd-rc for this part of the discussion as it's
> unrelated.
>

I don't think I have the right expertise to help in this discussion. My
gut tells me that lossless compression (a simple change of encoding)
will not discard entropy, while hashing (purposely discarding
information rather than simply changing the way it's expressed) seems
quite likely to discard entropy. But I can't back that up with any sort
of proof or experimental evidence. I suspect someone well-versed in
information theory could better address the issue.

My main interest in the discussion has always been the runtime expense
of the "better than nothing" entropy generation on low-end platforms.

I think the one thing left I might be able to contribute is a little bit
of OtherThink that the freebsd-rc thread inspired in me:

Several folks have found bits of "better than nothing" entropy
squirreled away here and there and there was some good discussion about
the relative merits of various bits of it. All that information comes
from the kernel, so why don't we harvest and use it in the kernel?

How about a new SYSINIT that runs just before init(1) is launched that
goes and directly harvests some of the "better than nothing" values from
the sources (meaning we get the binary representations without all the
boilerplate text) and feed them to yarrow internally? That way we're
always seeded at least "better than nothing" before any rc scripts run.

That whittles away one part of what initrandom has to do, and it
completely wishes away the question of how to increase the density of
the entropy in the data in initrandom, because it will only be
responsible for feeding in the files that contain "pure" entropy.

-- Ian