svn commit: r239569 - head/etc/rc.d
Doug Barton
dougb at FreeBSD.org
Mon Sep 10 19:21:46 UTC 2012
On 9/10/2012 12:11 PM, Dag-Erling Smørgrav wrote:
> Doug Barton <dougb at FreeBSD.org> writes:
>> As I have repeated many times now, BEFORE YOU MAKE ANY MORE CHANGES I AM
>> ASKING YOU TO DO THE TESTING TO VERIFY YOUR CLAIMS.
>
> And here's the million-dollar question... how? Boot a VM a million
> times, save the first 4096 bytes that come out of /dev/random at every
> boot, and look for correlation?
If the problem with replay attacks is as bad as Arthur suggest it is, it
should be visible in far less than a million tries.
For the "how much entropy makes it into the pool" question instrumenting
the code should do the trick.
My point being that we have 12 years of successful operation, with no
one (TMK) complaining that they have actually _seen_ the alleged
problems in action. Now we have claims that major problems exist,
requiring drastic changes in the system. As I have said before, it would
be bad engineering to make these changes without proof under any
circumstances. Even more so given that /dev/random is (in some senses) a
security tool.
Doug
--
I am only one, but I am one. I cannot do everything, but I can do
something. And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)
More information about the freebsd-rc
mailing list