Re: recent sysinst UX changesg

[nia <nia%NetBSD.org@localhost>]

On Mon, Nov 09, 2020 at 11:03:31AM +0000, nia wrote:
> On Mon, Nov 09, 2020 at 11:18:31AM +0100, Martin Husemann wrote:
> > On Mon, Nov 09, 2020 at 10:10:56AM +0000, nia wrote:
> > > fwiw, i think the default options should be as close to Just Work as possible.
> > > 
> > > i have installed NetBSD irl with people who have only a little bit of unix
> > > knowledge, and watched them wince every time something doesn't go as planned.
> > > often this is on older, spare hardware, that's just to play with the OS on,
> > > so it is likely to not have >2015 CPU features (RDRAND).
> > 
> > I totaly agree with both of this, but "just work" is not a clear target,
> > especially when a simple step makes a difference in security (whether
> > manually typing in random things *does* make a difference is probably
> > for another debate).
> > 
> > The description pointing at copying output from another machine is just
> > an option (and it actually helps a lot when you do installs via serial
> > console or similar).
> > 
> > So: happy to make it more userfriendly, simpler, rephrase messages,
> > whatever needed - but we should not end up with insecure installs.
> > 
> > Martin
> 
> Requiring users to type in data is just going to result in a lot of
> users mashing the keyboard to get an install to work, is all I'm saying.
> That's no better than copying 32 bytes back into /dev/urandom to continue
> with the existing seed. The installation involves user input, after all.
> 
> Treating USB RNGs as a common use case for everyday installs is an odd
> decision. They're probably common to have among a subset of NetBSD
> developers, and, well, nobody else.
> 
> +{This system seems to lack a cryptographically strong pseudo random
> +number generator. There is not enough entropy available to create secure
> +keys (e.g. ssh host keys). 
> +
> +You may use random data generated on another computer and load it
> +here, or you could enter random characters manually. 
> + 
> +If you own a USB random number device, connect it now and select
> +the "Re-test" option.}
> 
> I would change this to:
> 
> "{This system seems to lack a quality hardware random number generator.
> 
> For increased system security, you may load random data generated
> on another computer. NetBSD will then use this as a seed.
> 
> Otherwise, the installer can continue with a potentially insecure
> seed using data collected during the installation process.}"
> 
> +message entropy_continue	{Continue with existing potentially insecure seed}
> +message entropy_download_seed	{Import random data from another machine}
> 
> Lacking a HWRNG is the actual problem. Let's describe the actual problem.
> I don't think we need to present every new user installing NetBSD with
> information about USB RNG devices or crypto jargon.

By the way,
My thinkpad t60 has an audio dac. It has inputs. Audio DACs physically produce
random noise.

Since this is sysinst, power consumption concerns about sampling from
the DAC don't apply: Enable all inputs in sysinst, set gain to max, read 32
bytes from /dev/audio, return to normal state.

There's really no reason at all for this hardware to have entropy problems.