-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 12/24/13 14:36, Paul Hoffman wrote: > On Dec 24, 2013, at 12:44 PM, Xin Li <delphij_at_delphij.net> wrote: > >> I think we shouldn't save entropy inside jails, as the data is >> not going to be used by rc script (pjd_at_126744). If there is no >> objections, I will commit this changeset on January 1, 2014. > > Even if it is not used by an rc script, it might be used by some > userland program (running as root, of course) that knows about the > directory and wants some fresh entropy for its own use. Why a userland application would want to use these? Would you mind elaborating what kind of use that would be? My understanding is that the saved entropy is used for bootstraping the system only: any applications that wants good random numbers should just use /dev/random because relying on something saved on disk is the worst way for someone who wants more entropy. > Is there a problem with saving the directory in jails? It > certainly isn't taking up much space. No, it's not about space. What I am concerned is that it may have wasted entropy: each time (every */11 minute) the system would get 2048 bytes out from /dev/random per jail. This deterministic behavior may trigger reseeds earlier than wanted. Cheers, - -- Xin LI <delphij_at_delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSuhBlAAoJEJW2GBstM+nss7YQAIYcMq6GflgY7T304J+bdoll TBYA740eQy6iNoyGTSh4VEeKh5GDrwX7GAM5EshrDQMKfagwm0smdYbpWYklUc07 V6sy8uuIvhxM6GOxQqP86tyzMCu9EtiVzfDakKJz1IL8pzVuu6Kbq/CxdA3fC3G4 qQraPMHvpYRsXiOn30B8i0kojMgRAxMOTZRZ4HRByiuZrsVdFYlNxMoh76reMO40 dSq1UPmQMjeDqlEKkAxpR1nN67ebVgFOuXl8O/YjOvNJLnCtcEr6xQcUQso8cbeR j7WCgUmiqCKcoPcE6Bf43Qp1otdeLVP+qoeogWcAPIPrK6XL2wxsVxj6Y44fbkeW Ttfw5iXwR7yt7MSZHP4eXdycZuSRswQUzp9TEyAxclMTE+aHFd0B/C4lViTKTfU1 dglg5goplXCAVCFPXek+R9UnFCFSc9GvlSL2K2d5TNvjDiVdNGc9SDyO7u0qNxV5 Eo+X8W2oR05jiZNHitJyalZSWd62+rn5+R5Pwf3A0hv9opimNX2xVTpfVU7y7DoK dJpPo7S8GvVKK0JgnP9yOvAD2wIjNnLz0T+hmmnygPA+xkrbVZIYdxMxrMQ491Dm /3dej3hDg5panfU7kxjpVmA+mTQbaFwQJeV0gSJDeswBl8JeAwhycchA+rgpPWCN qEziEr9sgMQKdc6JyVf9 =b7jA -----END PGP SIGNATURE-----Received on Tue Dec 24 2013 - 21:53:26 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:45 UTC