From: John-Mark Gurney
To: Mark R V Murray
Cc: src-committers, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
Subject: Re: svn commit: r284959 - in head: . share/man/man4 share/man/man9 sys/conf sys/dev/glxsb sys/dev/hifn sys/dev/random sys/dev/rndtest sys/dev/safe sys/dev/syscons sys/dev/ubsec sys/dev/virtio/random sy...
Date: Sat, 25 Jul 2015 10:46:59 -0700
Message-ID: <20150725174659.GW78154@funkthat.com>
In-Reply-To: <30C50677-D00A-46B3-AF7A-62FC299D409F@FreeBSD.org>
References: <20150724012519.GE78154@funkthat.com> <96EA33AB-7325-4DD2-83F4-B4FAF6F47CB5@yahoo.com> <20150725062651.GU78154@funkthat.com> <30C50677-D00A-46B3-AF7A-62FC299D409F@FreeBSD.org>
List-Id: SVN commit messages for the src tree for head/-current

Mark R V Murray wrote this message on Sat, Jul 25, 2015 at 09:22 +0100:
> > On 25 Jul 2015, at 07:26, John-Mark Gurney wrote:
> >
> > Once you have enough useful bits in /dev/random, you can NEVER run out
> > of useful bits from /dev/random...
> >
> > [Well, not quite NEVER, but not for a few millennia.]
>
> So is your position effectively anti-harvesting, or at least to turn
> off all harvesting after a certain time and never turn it on again?

No, I am not, I was just stating a fact of how CSPRNGs work that people
keep forgetting...  I'm totally against massive collection that has
minimal benefit, but massive performance costs...
I raised this issue in the review and you still haven't disabled INODE
collection, plus you admitted that you hadn't done benchmarks on the uma
case...

It's way more important to have a good seed at first boot for your rng
when you generate long term ssh keys and the like than it is to
continually collect high rate randomness from the system...

> If so, we are pretty far apart philosophically.
>
> DJB's position is interesting, but I am far from persuaded by it.

What points are you not persuaded by?  Are there any questions that I
could get answers for that would persuade you to change your mind?

I'm not against continually collecting entropy, I just don't think it
needs to be high speed, or that frequent..  My suggestion is for a
thread to run every few seconds to grovel around collecting some
entropy, and adding it...  Obviously low perf impact collection points
like the keyboard should remain as that continues to be one of the best
sources (when active/available)...

-- 
John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
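The two ideas argued over above (a CSPRNG that has once been properly seeded can be drawn from indefinitely, and fresh entropy can be folded in by a low-rate harvester rather than on every event) can be shown concretely with a small generator. The block below is an added example for this page; it is not code from the thread, from FreeBSD's random(4) driver, or from Fortuna. It is an HMAC_DRBG in the shape of NIST SP 800-90A (SHA-256), plus a model of a harvester thread that wakes every few seconds, hashes whatever it gathered and reseeds once. The class and function names, the 2 s wakeup interval, the per-request reseed cap being a constructor argument, and the sample timestamps and "jitter" bytes are all assumptions constructed for the example.

```python
"""HMAC_DRBG (NIST SP 800-90A shape, SHA-256) with an explicit reseed hook.

Added example, not code from the thread or from FreeBSD's random(4).
It shows (1) that a generator holding a good 256-bit seed yields output
indefinitely and deterministically, and (2) that a harvester only needs
to call reseed() every so often to mix in fresh entropy.
"""
import hashlib
import hmac

HASH = hashlib.sha256
OUTLEN = HASH().digest_size  # 32 bytes


class HmacDrbg:
    # SP 800-90A caps generate() requests between reseeds at 2**48 (the
    # "not quite NEVER" bound); it is a parameter here so a test can hit it.
    def __init__(self, seed: bytes, reseed_interval: int = 2 ** 48):
        if len(seed) < OUTLEN:
            raise ValueError("seed must carry at least 256 bits")
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self.reseed_interval = reseed_interval
        self.reseed_counter = 1
        self.reseeds = 0  # bookkeeping for the harvester model below
        self._update(seed)

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, HASH).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data (possibly empty) into (K, V).
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if provided:
            self.K = self._hmac(self.V + b"\x01" + provided)
            self.V = self._hmac(self.V)

    def reseed(self, entropy: bytes) -> None:
        # One-way mixing: a harvester can call this at any rate without
        # affecting output already produced, and resets the request counter.
        self._update(entropy)
        self.reseed_counter = 1
        self.reseeds += 1

    def generate(self, nbytes: int) -> bytes:
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        out = bytearray()
        while len(out) < nbytes:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(b"")  # backtracking resistance after each request
        self.reseed_counter += 1
        return bytes(out[:nbytes])


def periodic_harvest(drbg: HmacDrbg, samples, interval: float) -> int:
    """Model of a harvester thread that wakes every `interval` seconds,
    hashes everything gathered since its last wakeup and reseeds once.
    `samples` is an iterable of (timestamp_seconds, bytes).  Returns the
    total number of reseed() calls made on `drbg`."""
    pending = []
    next_wake = None
    for ts, data in samples:
        if next_wake is None:
            next_wake = ts + interval
        while ts >= next_wake:  # one or more wakeups have passed
            if pending:
                drbg.reseed(hashlib.sha256(b"".join(pending)).digest())
                pending = []
            next_wake += interval
        pending.append(data)
    if pending:  # final wakeup flushes whatever is left
        drbg.reseed(hashlib.sha256(b"".join(pending)).digest())
    return drbg.reseeds


def build_samples(count: int = 100):
    # Constructed stand-in for harvest points: one sample every 0.1 s with
    # 8 bytes derived from the index.  Not real entropy; test data only.
    return [(i / 10, hashlib.sha256(i.to_bytes(4, "big")).digest()[:8])
            for i in range(count)]


def demo(interval: float = 2.0) -> int:
    # 100 samples over 10 s; a per-event policy would mix 100 times, the
    # periodic thread mixes once per wakeup plus a final flush.
    drbg = HmacDrbg(hashlib.sha256(b"boot-time seed (constructed)").digest())
    return periodic_harvest(drbg, build_samples(), interval)


if __name__ == "__main__":
    print("reseeds with 2 s harvester:", demo())
```

The generator's first seed is the part that actually matters for long-lived keys: `HmacDrbg` refuses to start with fewer than 256 bits, and everything after that is expansion. Each `reseed()` costs a handful of HMAC calls regardless of how many samples the harvester batched, which is the cost profile of the "thread every few seconds" proposal; a per-event harvester pays that mixing cost on every event instead.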