svn commit: r274739 - head/sys/mips/conf
Ian Lepore
ian at FreeBSD.org
Fri Nov 21 19:41:33 UTC 2014
On Fri, 2014-11-21 at 19:37 +0000, Mark R V Murray wrote:
> > On 21 Nov 2014, at 18:57, Ian Lepore <ian at FreeBSD.org> wrote:
> >
> > All I've ever asked for, since day one of discussing this topic, is a
> > knob to prevent /dev/random from blocking, ever. A way in which an
> > administrativive policy decision can be made about what consitutes "good
> > enough" entropy (and by extension, security). The knob could be of the
> > nature that it's hard to turn on accidentally -- it's a dangerous thing
> > and like an industrial stamping press maybe you have to hold down two
> > buttons far apart from each other to make it go.
>
> I’m suspicious of motive here. You are planning on ignoring lousy
> entropy coming out of /dev/random; you seem to need a way of breaking
> to do so. (I can’t think of a better word than “ignoring”; what I mean
> is that you don’t seem to care how bad the output is.)
>
> If you don’t care about the contents of /dev/random, why not simply
> ignore it? Choosing to use tools that require good-quality /dev/random
> output means you should choose other tools, not break /dev/random!
>
> > As far as I know we have that now, but it sounds like not forever. I'm
> > just arguing in favor of providing the tools, making it reasonably hard
> > to accidentally cut yourself on them, but ultimately leaving the policy
> > decisions of how to use them to the people who own and run the systems.
> > I kind of thought that was the unix way.
>
> The Snowden revelations have made folks considerably more paranoid.
>
> Providing tools that bad guys could potentially use where the good guys
> have alternatives is not a way that security-minded folks are keen to
> go.
>
> You have the right to ignore /dev/random. Asking for a back door to
> break it is a bigger deal. Bad guys like these back doors.
>
> M
The arrogance in the way you talk down to me about my right and ability
to decide these things is mind-boggling. It's clear you're going to do
whatever you want, so I guess I'll just shut up.
-- Ian
More information about the freebsd-arch
mailing list