From owner-freebsd-current Fri Jan 12 16: 4:31 2001
Delivered-To: freebsd-current@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8DEB137B400; Fri, 12 Jan 2001 16:04:13 -0800 (PST)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id RAA18043;
	Fri, 12 Jan 2001 17:03:57 -0700 (MST)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id RAA16065;
	Fri, 12 Jan 2001 17:03:56 -0700 (MST)
	(envelope-from nate)
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14943.39713.160666.695146@nomad.yogotech.com>
Date: Fri, 12 Jan 2001 17:02:41 -0700 (MST)
To: Mark Murray
Cc: Doug Barton, Warner Losh, Sheldon Hearn, markm@FreeBSD.ORG, freebsd-current@FreeBSD.ORG
Subject: Re: entropy bikesheds
In-Reply-To: <200101120619.f0C6JQI12558@gratis.grondar.za>
References: <200101120619.f0C6JQI12558@gratis.grondar.za>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Can we decide this, please - do we want secure startup (which will
> take some effort to achieve), or can we say "screw it" and start
> insecure like the old system?

Can we have both? I.e., by default we are insecure until some point we
call an ioctl() that says 'no more, you must get real randomness now'.

So, that way we can do the stuff that doesn't require real randomness
(like mounting disks and such), and then once that's over with, the
system forces it into 'secure' mode, at which time it's up to the user
to supply some randomness for it.

If that happens, a user could decide to comment out the 'real secure'
thing, and /dev/random would never block.

You can all laugh at me now.
:)

Nate
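
Added example, not part of the original message and not FreeBSD's random(4) code: a small user-space model of the two-phase scheme the message proposes, showing that reads before the switch return unseeded (identical across identically booted machines) output, and that reads after it fail until entropy is supplied. Every name, the 256-bit threshold, the one-way switch and the toy mixer are assumptions made for illustration.

```c
/* Added illustration: user-space model of the proposed two-phase scheme.
 * All names are hypothetical; the mixer is a toy, not a CSPRNG. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#define RND_MIN_BITS 256u          /* assumed seeding threshold */

struct rnd_dev {
    int sealed;                    /* 0: early boot, never block; 1: secure */
    unsigned entropy_bits;         /* credited estimate, capped at threshold */
    unsigned long long state;      /* toy pool */
};

/* Mix in harvested or user-supplied bytes and credit `bits` of entropy. */
static void rnd_harvest(struct rnd_dev *d, const unsigned char *p,
                        size_t len, unsigned bits)
{
    unsigned need = RND_MIN_BITS - d->entropy_bits;
    for (size_t i = 0; i < len; i++)
        d->state = (d->state ^ p[i]) * 1099511628211ULL;
    d->entropy_bits += bits < need ? bits : need;
}

/* Stand-in for the proposed ioctl(): from here on, reads need real entropy.
 * Assumption: the switch is one-way (the model offers no way to unseal). */
static void rnd_seal(struct rnd_dev *d) { d->sealed = 1; }

/* Returns bytes written, or -EAGAIN where a real device would block. */
static long rnd_read(struct rnd_dev *d, unsigned char *out, size_t len)
{
    if (d->sealed && d->entropy_bits < RND_MIN_BITS)
        return -EAGAIN;
    for (size_t i = 0; i < len; i++) {
        d->state = d->state * 6364136223846793005ULL + 1442695040888963407ULL;
        out[i] = (unsigned char)(d->state >> 56);
    }
    return (long)len;
}

int main(void)
{
    struct rnd_dev d = {0, 0, 0};
    unsigned char buf[16];
    long early = rnd_read(&d, buf, sizeof buf);   /* unseeded output */
    rnd_seal(&d);
    long late = rnd_read(&d, buf, sizeof buf);    /* refused until seeded */
    return !(early == 16 && late == -EAGAIN);
}
```

A device that is never sealed (the "commented out" case in the message) keeps answering reads regardless of how little entropy has been credited.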