Date: Fri, 21 Nov 2014 12:41:29 -0700 From: Ian Lepore <ian@FreeBSD.org> To: Mark R V Murray <mark@grondar.org> Cc: arch@freebsd.org, John-Mark Gurney <jmg@funkthat.com>, Adrian Chadd <adrian@freebsd.org> Subject: Re: svn commit: r274739 - head/sys/mips/conf Message-ID: <1416598889.1147.297.camel@revolution.hippie.lan> In-Reply-To: <F017033A-B761-4435-A7F8-264D2F4662A0@grondar.org> References: <201411200552.sAK5qnXP063073@svn.freebsd.org> <20141120084832.GE24601@funkthat.com> <AE8F2D30-7F91-4C90-B79A-D99857D8AED8@grondar.org> <20141121092245.GI99957@funkthat.com> <1416582989.1147.250.camel@revolution.hippie.lan> <026FEB8A-CA8C-472F-A8E4-DA3D0AC44B34@grondar.org> <1416596266.1147.290.camel@revolution.hippie.lan> <F017033A-B761-4435-A7F8-264D2F4662A0@grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2014-11-21 at 19:37 +0000, Mark R V Murray wrote: > > On 21 Nov 2014, at 18:57, Ian Lepore <ian@FreeBSD.org> wrote: > >=20 > > All I've ever asked for, since day one of discussing this topic, is a > > knob to prevent /dev/random from blocking, ever. A way in which an > > administrativive policy decision can be made about what consitutes "g= ood > > enough" entropy (and by extension, security). The knob could be of t= he > > nature that it's hard to turn on accidentally -- it's a dangerous thi= ng > > and like an industrial stamping press maybe you have to hold down two > > buttons far apart from each other to make it go. >=20 > I=FFm suspicious of motive here. You are planning on ignoring lousy > entropy coming out of /dev/random; you seem to need a way of breaking > to do so. (I can=FFt think of a better word than =B4ignoring=A1; what I= mean > is that you don=FFt seem to care how bad the output is.) >=20 > If you don=FFt care about the contents of /dev/random, why not simply > ignore it? Choosing to use tools that require good-quality /dev/random > output means you should choose other tools, not break /dev/random! >=20 > > As far as I know we have that now, but it sounds like not forever. I= 'm > > just arguing in favor of providing the tools, making it reasonably ha= rd > > to accidentally cut yourself on them, but ultimately leaving the poli= cy > > decisions of how to use them to the people who own and run the system= s. > > I kind of thought that was the unix way. >=20 > The Snowden revelations have made folks considerably more paranoid. >=20 > Providing tools that bad guys could potentially use where the good guys > have alternatives is not a way that security-minded folks are keen to > go. >=20 > You have the right to ignore /dev/random. Asking for a back door to > break it is a bigger deal. Bad guys like these back doors. >=20 > M The arrogance in the way you talk down to me about my right and ability to decide these things is mind-boggling. It's clear you're going to do whatever you want, so I guess I'll just shut up. -- Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1416598889.1147.297.camel>