
Re: libbsd package



* Thorsten Glaser:

> Florian Weimer dixit:
>
>>I'd also see a change that limits the number of bytes which is read from
>>/dev/urandom (32 or fewer should be enough).  I'm concerned about
>>looping shell scripts draining entropy from the pool at an unacceptably
>>high rate.
>
> For things like that, the OpenBSD and MirBSD kernels have /dev/arandom,
> which itself is also generated from arc4random(9). It's interesting that
> things like that haven't yet been picked up by other operating systems.

While this is arguably the correct fix (it also addresses the threading
issue), it is not something we can roll out in a security update because
it's unlikely to find its way into upstream kernels.

