From owner-freebsd-arch@FreeBSD.ORG Wed Aug 7 19:02:26 2013 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id D412D193 for ; Wed, 7 Aug 2013 19:02:26 +0000 (UTC) (envelope-from peter@wemm.org) Received: from mail-ve0-x22e.google.com (mail-ve0-x22e.google.com [IPv6:2607:f8b0:400c:c01::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8FBA12140 for ; Wed, 7 Aug 2013 19:02:26 +0000 (UTC) Received: by mail-ve0-f174.google.com with SMTP id d10so2226479vea.5 for ; Wed, 07 Aug 2013 12:02:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Qo7FBhJiHg+kgdPc26H6z3gJSTEx9VjRxTDeiW7m2TE=; b=JCoyrpoMay6o31olwBw7RntS1CZIUn0R8o4SMjGy6rvws85rA1xGQ/YPUXBVTcnwFL 96WMnASPCvN52Hhp1XhFWwSPoqeYijrYRxjwHen9vYhbwAZhjDRx3tKu91MFJ9CHOw7d RBtaU5vkfiXjCplaWtYf29kI10oSmOKfLeR7c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=Qo7FBhJiHg+kgdPc26H6z3gJSTEx9VjRxTDeiW7m2TE=; b=gEUQ8CvE0YPEskF/O4WhoFMMie1dnT09iEMPXCe+Qndky0WUUf4IMahS+ceKo+qbbz 4ofHfLaUSrjCfbPfN6CO/dA+l4oHRlxJAiQ/MQiIdZh3Aqh9aM/Pj9AXtnaMplbQ0gPZ 5LEsdDaKkjWOLnp2bYdlI/M0zL/pn2vdn2kCiFZB4Bsczx77TFulVrWsOavqskniYV0Z mWGuDYmB9OuOP2iKzYTUnYGmYbAbGc6ZMcRE7ZAiSchqrAJ0BXMt4yEm8new2uBLiPgL ReYMH3E379GOT/NGdo4KmERb/4yiRtMEkY6NJy1DR78YqcoRNDq4iW8SJijw+/s0Griq 4fng== X-Gm-Message-State: ALoCoQmxdBpkC2uyU+0Rcyr9wBBUEQPwR+m0hMPH4pydqv2c6AWHUoA5xaN3QjZ9/0GNRca9a0hK MIME-Version: 1.0 X-Received: by 10.52.191.72 with SMTP id gw8mr990762vdc.114.1375902145659; Wed, 07 Aug 2013 12:02:25 -0700 (PDT) Received: by 10.220.167.74 with HTTP; Wed, 7 Aug 2013 12:02:25 -0700 (PDT) In-Reply-To: <20130807185657.GB79570@dragon.NUXI.org> References: <201307292026.r6TKQRRb021717@svn.freebsd.org> <5E61D610-3322-4240-9978-CB277C7161F5@netasq.com> <20130807185657.GB79570@dragon.NUXI.org> Date: Wed, 7 Aug 2013 12:02:25 -0700 Message-ID: Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion From: Peter Wemm To: obrien@freebsd.org, Fabien Thomas , secteam@freebsd.org, freebsd-arch@freebsd.org, Arthur Mesh Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Aug 2013 19:02:26 -0000 On Wed, Aug 7, 2013 at 11:56 AM, David O'Brien wrote: > On Fri, Aug 02, 2013 at 10:05:57AM +0200, Fabien Thomas wrote: >> We need to have very good random by default. Even selecting HW random >> automatically is not very good. HW random is difficult to trust. >> >> Why not having a good default software random seeded by automatically >> detected HW random ? After that the user can choose to bypass the >> software random a feed directly by the HW random source. > > Please don't hijack an infrastructure change that changes nothing for the > GENERIC kernel. The problem people have isn't with GENERIC.. its the less than optimal effect this change causes on custom kernel configs. ie: a magnitude 10 POLA violation. > Please start a separate thread about changing how HW random sources are > handled in random(4) if you like. But that is outside the scope of > this change. > > [Adding flexibility to how the HW sources are used will be in one of our > next proposed changes.] Please don't hold future "do it right" changes hostage to an interim "break things by default" change. If you're going somewhere with this, how about we skip the "broken by default" step and see where you're going? -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV UTF-8: for when a ' just won\342\200\231t do. ZFS must be the bacon of file systems. "everything's better with ZFS"