/dev/io , /dev/mem : only used by Xorg?
Kris Kennaway
kris at obsecurity.org
Tue Mar 1 09:27:47 GMT 2005
On Tue, Mar 01, 2005 at 12:02:51AM -0800, Ted Mittelstaedt wrote:
> owner-freebsd-questions at freebsd.org wrote:
> > On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote:
> >
> >> Actually, recompiling openssl to use a prng daemon instead of the
> >> random device will probably improve your ssh security - unless they
> >> have greatly improved the entropy generation in the random device in
> >> 5.X
> >
> > Yes. It seems that you really need to learn about FreeBSD 5.x and
> > how it differs from 4.x.
> >
>
> Do I hear an echo here? Did you miss the part where I said "UNLESS
> they have greatly improved..."
>
> The description of the "all new" randomizer in FreeBSD 5.X is all very
> well but I have not got around to run a test suite against it. So
> until such time as I do, I am not going to assume that it really is
> better. There's a big gap between implementation and architecture.
>
> As I only care to make my stuff crackable by 500 clustered supercomputers
> working for 1 year, instead of 2000 supercomputers working for 100 years,
> I really and truly have had better things to do than test the new
> randomizer. I presume that you are in the same boat Ken, as you have
> not admitted to testing it either. If this is the case, perhaps the
> wise thing to do would be to actually test it, rather than just taking
> the word of the manpage in 5.x that it is better? Eh?
Who's Ken? And yes, I've tested it. So has Mark, and Bruce Schneier,
who wrote the algorithm.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050301/e8b78156/attachment.bin
More information about the freebsd-questions
mailing list