From owner-freebsd-security@FreeBSD.ORG  Fri Sep 14 20:20:09 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3557910656AD
	for <freebsd-security@freebsd.org>;
	Fri, 14 Sep 2012 20:20:09 +0000 (UTC)
	(envelope-from markm@FreeBSD.org)
Received: from gromit.grondar.org (grandfather.grondar.org
	[IPv6:2a01:348:0:15:5d59:5c20:0:2])
	by mx1.freebsd.org (Postfix) with ESMTP id D8F8B8FC16
	for <freebsd-security@freebsd.org>;
	Fri, 14 Sep 2012 20:20:08 +0000 (UTC)
Received: from uucp by gromit.grondar.org with local-rmail (Exim 4.77
	(FreeBSD)) (envelope-from <markm@FreeBSD.org>) id 1TCcMx-00052j-K2
	for freebsd-security@freebsd.org; Fri, 14 Sep 2012 21:20:07 +0100
Received: from localhost ([127.0.0.1] helo=groundzero.grondar.org)
	by groundzero.grondar.org with esmtp (Exim 4.77 (FreeBSD))
	(envelope-from <markm@FreeBSD.org>)
	id 1TCcIq-000Brr-Ex; Fri, 14 Sep 2012 21:15:52 +0100
To: Ben Laurie <benl@freebsd.org>
In-reply-to: <CAG5KPzyJNmXRfxtPPrdc2zVCsxGtDfJT79YC3a1PNUfOOSzt8A@mail.gmail.com>
References: <50453686.9090100@FreeBSD.org>
	<20120911082309.GD72584@dragon.NUXI.org>
	<504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org>
	<5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org>
	<20120913052431.GA15052@dragon.NUXI.org>
	<alpine.BSF.2.00.1209131258210.13080@ai.fobar.qr>
	<alpine.BSF.2.00.1209141336170.13080@ai.fobar.qr>
	<E1TCXN0-000NFT-7I@groundzero.grondar.org>
	<CAG5KPzwOdCkybj3D5uic1KC-pwW-pewgsrqrXg60f5SJjtzYPw@mail.gmail.com>
	<E1TCbDG-0002Hz-9D@groundzero.grondar.org>
	<CAG5KPzzRxzVX-+9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com>
	<E1TCbSz-0007CJ-BI@groundzero.grondar.org>
	<CAG5KPzyJNmXRfxtPPrdc2zVCsxGtDfJT79YC3a1PNUfOOSzt8A@mail.gmail.com>
From: Mark Murray <markm@FreeBSD.org>
Date: Fri, 14 Sep 2012 21:15:52 +0100
Message-Id: <E1TCcIq-000Brr-Ex@groundzero.grondar.org>
Cc: Arthur Mesh <arthurmesh@gmail.com>,
	Ian Lepore <freebsd@damnhippie.dyndns.org>,
	Doug Barton <dougb@freebsd.org>, freebsd-security@freebsd.org,
	RW <rwmaillists@googlemail.com>, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject: Re: svn commit: r239569 - head/etc/rc.d
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Sep 2012 20:20:09 -0000

Ben Laurie writes:
> What I am trying to do is extract whatever entropy there is in the
> input. You appear to be saying that there's no point adding extra
> entropy because it is estimated at zero. This makes no sense to me.

What I am trying to say is that it doesn't matter if by some coincidence
certain harvested file fragments contain zero. Furthermore, it doesn't
matter if you feed /dev/random a whole bunch of zeros (except in the
case where that swamps out other harvested events, and it is that
problem we are trying to solve, amonmgst others).

My proposed solution is intended so address, if not solve that problem,
by preventing file writes from filling up the harvest queue. Yarrow
already has pretty good data hashing; there is no point in duplicating
that.

Note that I have already agreed that external preconditioning of the
data is a good idea; I like the idea of compression and some external
hashing (but not the speed of these duting boot). Others may work, but
ultimately I trust Yarrow more.

M
--
Mark R V Murray
Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open)
Pi: 132511160