On Tue, 11 Sep 2012 16:01:17 -0700 Xin Li wrote:
> Well, 1:1 correspondence is when we fed full text to /dev/random, > which we don't, right? Only the first 4K gets consumed. So: > > Situation 1: we have 45K of plain text, and only first 4k is fed to > /dev/random at about 5 bits of entropy per byte; > > Situation 2: we have 45K of plain text, compress to e.g. 25K and only > first 4k is fed to /dev/random at more than 7.6 bits of entropy per > byte; > > Therefore I think Situation 2 is better than situation 1. It's marginally better, but still a very poor solution. You still lose most of the entropy, and you still end up with a substantial risk of there being no buffers available for /entropy. Situation 3: use a hash; all the entropy (up to an overkill amount) ends up in yarrow, most of the buffer space is left for /entropy. Compression solves neither of the two problem - hashing solves both. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
