From: Mark R V Murray
Date: Thu, 8 Aug 2013 22:19:46 +0100
Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion
To: obrien@freebsd.org
Cc: Arthur Mesh, Steve Kargl, secteam@freebsd.org, freebsd-arch@freebsd.org
Message-Id: <94E41175-EF09-47D1-9661-9AF04E8FA9A0@grondar.org>
In-Reply-To: <20130808211657.GC95000@dragon.NUXI.org>
List-Id: Discussion related to FreeBSD architecture

On 8 Aug 2013, at 22:16, "David O'Brien" wrote:

> On Thu, Aug 08, 2013 at 08:38:09PM +0100, Mark R V Murray wrote:
>> My current inclination is to make Yarrow the basic device (or "Fortuna
>> Lite", but that is a problem for MUCH later), and make the hardware
>> devices feed Yarrow, if they are present.
>
> Our approach is mechanism over policy. That is, give the user the
> choice of if their HW should be used directly or fed into the SW PRNG.

I don't see a problem with that either, as long as there are no nasty
surprises like the possibility of getting no RNG at all, and not being
in a position to notice.

M
-- 
Mark R V Murray