[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Devon H. O'Dell
dodell at sitetronics.com
Fri Sep 19 05:43:25 PDT 2003
Mark Murray wrote:
>"David G. Andersen" writes:
>
>
>> You're mistaken. /dev/random stops feeding you random bits
>>when it doesn't have enough. /dev/urandom depletes the entropy
>>pool, but when it starts to run out, it falls back to hashing
>>to generate pseudo-random sequences from the random bits that
>>it can obtain.
>>
>>
>
>Mostly correct :-).
>
>/dev/urandom (in FreeBSD-4-*) always hashes the pool. It doesn't care
>whether or not entropy has been harvested first, unlike /dev/random
>which requires a positive entropy count before suppying output.
>(This provides a doozy of a DoS, BTW, where "cat /dev/urandom > /dev/null"
>renders /dev/random useless).
>
>M
>--
>Mark Murray
>iumop ap!sdn w,I idlaH
>
>
Well, I'm glad to have gotten these several comments; I wasn't quite
sure how it worked. Nice to see that the Yarrow is being used in 5.x :)
--Devon
More information about the freebsd-security
mailing list