Date: Fri, 21 Nov 2014 19:37:23 +0000 From: Mark R V Murray <mark@grondar.org> To: Ian Lepore <ian@FreeBSD.org> Cc: arch@freebsd.org, John-Mark Gurney <jmg@funkthat.com>, Adrian Chadd <adrian@freebsd.org> Subject: Re: svn commit: r274739 - head/sys/mips/conf Message-ID: <F017033A-B761-4435-A7F8-264D2F4662A0@grondar.org> In-Reply-To: <1416596266.1147.290.camel@revolution.hippie.lan> References: <201411200552.sAK5qnXP063073@svn.freebsd.org> <20141120084832.GE24601@funkthat.com> <AE8F2D30-7F91-4C90-B79A-D99857D8AED8@grondar.org> <20141121092245.GI99957@funkthat.com> <1416582989.1147.250.camel@revolution.hippie.lan> <026FEB8A-CA8C-472F-A8E4-DA3D0AC44B34@grondar.org> <1416596266.1147.290.camel@revolution.hippie.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 21 Nov 2014, at 18:57, Ian Lepore <ian@FreeBSD.org> wrote: >=20 > All I've ever asked for, since day one of discussing this topic, is a > knob to prevent /dev/random from blocking, ever. A way in which an > administrativive policy decision can be made about what consitutes = "good > enough" entropy (and by extension, security). The knob could be of = the > nature that it's hard to turn on accidentally -- it's a dangerous = thing > and like an industrial stamping press maybe you have to hold down two > buttons far apart from each other to make it go. I=E2=80=99m suspicious of motive here. You are planning on ignoring = lousy entropy coming out of /dev/random; you seem to need a way of breaking to do so. (I can=E2=80=99t think of a better word than =E2=80=9Cignoring=E2= =80=9D; what I mean is that you don=E2=80=99t seem to care how bad the output is.) If you don=E2=80=99t care about the contents of /dev/random, why not = simply ignore it? Choosing to use tools that require good-quality /dev/random output means you should choose other tools, not break /dev/random! > As far as I know we have that now, but it sounds like not forever. = I'm > just arguing in favor of providing the tools, making it reasonably = hard > to accidentally cut yourself on them, but ultimately leaving the = policy > decisions of how to use them to the people who own and run the = systems. > I kind of thought that was the unix way. The Snowden revelations have made folks considerably more paranoid. Providing tools that bad guys could potentially use where the good guys have alternatives is not a way that security-minded folks are keen to go. You have the right to ignore /dev/random. Asking for a back door to break it is a bigger deal. Bad guys like these back doors. M --=20 Mark R V Murray
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F017033A-B761-4435-A7F8-264D2F4662A0>