Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 24 Oct 2000 16:24:45 +0200
From:      Eivind Eklund <eivind@FreeBSD.org>
To:        Warner Losh <imp@village.org>
Cc:        Mark Murray <mark@grondar.za>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc rc
Message-ID:  <20001024162445.A58246@warning.follo.net>
In-Reply-To: <200010241256.GAA15067@harmony.village.org>; from imp@village.org on Tue, Oct 24, 2000 at 06:56:25AM -0600
References:  <20001024124057.A4309@skriver.dk> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <20001023081548.A41843@bsdwins.com> <200010232046.e9NKkLR01463@grimreaper.grondar.za> <200010232321.RAA11268@harmony.village.org> <20001024124057.A4309@skriver.dk> <200010241256.GAA15067@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Oct 24, 2000 at 06:56:25AM -0600, Warner Losh wrote:
> In message <20001024124057.A4309@skriver.dk> Jesper Skriver writes:
> : On Mon, Oct 23, 2000 at 05:21:49PM -0600, Warner Losh wrote:
> : I have a idea, what about updating /entropy from cron every hour or so,
> : then if the box goes down hard for some reason, we'll have a entropy
> : file anyway ...
> 
> This is bad because it exposes the state, the current state, of the
> yarrow random engine to the world.  It is too insecure, imho, to do on
> a regular basis.  I had this same idea at bsdcon and this was pointed
> out.

Can't we just crypt the data with a strong cipher (or, preferably, two or
three strong ciphers) and a key aquired by using random data from Yarrow
before writing it out?  That would not expose state, assuming we trust the
cipher combination we use, and Yarrow is capable of generating random
numbers.  It would have a very slight information leak - an attacker would
be able to confirm a guess at the Yarrow state - but I don't think that
would be a problem (but I'd welcome the opinions of others that know more
details of our implementation.)

I'd not like to write it to swap without encryption; I do not want access to
swap to help in recovering previous Yarrow state.

Eivind.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001024162445.A58246>