Date:      Wed, 7 Aug 2013 12:02:25 -0700
From:      Peter Wemm <peter@wemm.org>
To:        obrien@freebsd.org, Fabien Thomas <fabien.thomas@netasq.com>, secteam@freebsd.org,  freebsd-arch@freebsd.org, Arthur Mesh <arthurmesh@gmail.com>
Subject:   Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion
Message-ID:  <CAGE5yCpEN9GDQcWAGug%2BxvaT9D9wtS%2BTg2U1cAJf6Pt1vxZVoA@mail.gmail.com>
In-Reply-To: <20130807185657.GB79570@dragon.NUXI.org>
References:  <201307292026.r6TKQRRb021717@svn.freebsd.org> <5E61D610-3322-4240-9978-CB277C7161F5@netasq.com> <20130807185657.GB79570@dragon.NUXI.org>

On Wed, Aug 7, 2013 at 11:56 AM, David O'Brien <obrien@freebsd.org> wrote:
> On Fri, Aug 02, 2013 at 10:05:57AM +0200, Fabien Thomas wrote:
>> We need to have very good random by default.  Even selecting HW random
>> automatically is not very good. HW random is difficult to trust.
>>
>> Why not having a good default software random seeded by automatically
>> detected HW random ?  After that the user can choose to bypass the
>> software random a feed directly by the HW random source.
>
> Please don't hijack an infrastructure change that changes nothing for the
> GENERIC kernel.

The problem people have isn't with GENERIC.. it's the less than optimal
effect this change causes on custom kernel configs.  i.e.: a magnitude
10 POLA violation.

> Please start a separate thread about changing how HW random sources are
> handled in random(4) if you like.  But that is outside the scope of
> this change.
>
> [Adding flexibility to how the HW sources are used will be in one of our
> next proposed changes.]

Please don't hold future "do it right" changes hostage to an interim
"break things by default" change.  If you're going somewhere with
this, how about we skip the "broken by default" step and see where
you're going?

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
UTF-8: for when a ' just won’t do.
<brueffer> ZFS must be the bacon of file systems. "everything's better with ZFS"


