Date: Fri, 21 Nov 2014 12:41:29 -0700 From: Ian Lepore <ian@FreeBSD.org> To: Mark R V Murray <mark@grondar.org> Cc: arch@freebsd.org, John-Mark Gurney <jmg@funkthat.com>, Adrian Chadd <adrian@freebsd.org> Subject: Re: svn commit: r274739 - head/sys/mips/conf Message-ID: <1416598889.1147.297.camel@revolution.hippie.lan> In-Reply-To: <F017033A-B761-4435-A7F8-264D2F4662A0@grondar.org> References: <201411200552.sAK5qnXP063073@svn.freebsd.org> <20141120084832.GE24601@funkthat.com> <AE8F2D30-7F91-4C90-B79A-D99857D8AED8@grondar.org> <20141121092245.GI99957@funkthat.com> <1416582989.1147.250.camel@revolution.hippie.lan> <026FEB8A-CA8C-472F-A8E4-DA3D0AC44B34@grondar.org> <1416596266.1147.290.camel@revolution.hippie.lan> <F017033A-B761-4435-A7F8-264D2F4662A0@grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2014-11-21 at 19:37 +0000, Mark R V Murray wrote: > > On 21 Nov 2014, at 18:57, Ian Lepore <ian@FreeBSD.org> wrote: > > > > All I've ever asked for, since day one of discussing this topic, is a > > knob to prevent /dev/random from blocking, ever. A way in which an > > administrativive policy decision can be made about what consitutes "good > > enough" entropy (and by extension, security). The knob could be of the > > nature that it's hard to turn on accidentally -- it's a dangerous thing > > and like an industrial stamping press maybe you have to hold down two > > buttons far apart from each other to make it go. > > I˙m suspicious of motive here. You are planning on ignoring lousy > entropy coming out of /dev/random; you seem to need a way of breaking > to do so. (I can˙t think of a better word than ´ignoringĄ; what I mean > is that you don˙t seem to care how bad the output is.) > > If you don˙t care about the contents of /dev/random, why not simply > ignore it? Choosing to use tools that require good-quality /dev/random > output means you should choose other tools, not break /dev/random! > > > As far as I know we have that now, but it sounds like not forever. I'm > > just arguing in favor of providing the tools, making it reasonably hard > > to accidentally cut yourself on them, but ultimately leaving the policy > > decisions of how to use them to the people who own and run the systems. > > I kind of thought that was the unix way. > > The Snowden revelations have made folks considerably more paranoid. > > Providing tools that bad guys could potentially use where the good guys > have alternatives is not a way that security-minded folks are keen to > go. > > You have the right to ignore /dev/random. Asking for a back door to > break it is a bigger deal. Bad guys like these back doors. > > M The arrogance in the way you talk down to me about my right and ability to decide these things is mind-boggling. It's clear you're going to do whatever you want, so I guess I'll just shut up. -- Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1416598889.1147.297.camel>