| > | Gotcha - fix coming; I need to stash some randomness at shutdown time, and
| > | use that to reseed the RNG at reboot time.
| > 
| > What about saving the state of the RNG and re-reading it on bootup?  That
| > will allow Yarrow to continue right where it left off. :-)
| 
| That's a bad thing. You don't want someone to be able to examine the exact
| PRNG state at next boot by looking at your hard disk after the machine has
| shut down.

I don't see how.  If the attacker has physical access to the machine, there
are plenty worse things to be done than just reading the state of a PRNG.

If the random device is initialized in single user mode, and the file is
then unlink()ed, I don't see any problems with that.

-Dan
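
[Added example, not part of the original messages or of FreeBSD's own code: one way to do the seed-file handling discussed above, saving generator output at shutdown (not the internal state), mixing it back in at boot, and unlinking the file once it has been used. The function names, the 512-byte size and the path /var/db/seed.example are assumptions made for illustration.]

```shell
#!/bin/sh
# Added illustration; all names and paths here are hypothetical.
SEED_BYTES=512
SEED_FILE=/var/db/seed.example      # placeholder path, not a real system file

# save_seed FILE [SOURCE]: run at shutdown. Stores fresh generator output,
# never the generator's internal state, in a file only the owner can read.
save_seed() {
    file=$1; src=${2:-/dev/urandom}
    tmp="$file.tmp.$$"
    (
        umask 077                   # temp file is created with mode 0600
        dd if="$src" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null
    ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$file"            # rename into place: no half-written seed
}

# load_seed FILE [SINK]: run early at boot (single-user stage). Writes the
# seed into the random device, then unlinks it so it is never used twice.
load_seed() {
    file=$1; sink=${2:-/dev/random}
    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then return 1; fi
    # A truncated seed is discarded rather than trusted.
    size=$(($(wc -c < "$file")))
    if [ "$size" -lt "$SEED_BYTES" ]; then rm -f "$file"; return 1; fi
    cat "$file" > "$sink" || return 1
    rm -f "$file"                   # unlink only; disk blocks are not wiped
}

# Stand-alone use: "seed.sh save" at shutdown, "seed.sh load" at boot.
case "${1:-}" in
    save) save_seed "$SEED_FILE" ;;
    load) load_seed "$SEED_FILE" ;;
esac
```

Because the file holds output drawn from the generator and is removed at first use, a copy of the disk taken after boot does not hold the seed as a live file; rm does not overwrite the underlying blocks, so a copy taken while the machine is powered off still contains it.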

