Subject: Re: CVS commit: syssrc/sys/dev/ic
To: Perry E. Metzger <perry@wasabisystems.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 11/08/2001 08:49:48
On 8 Nov 2001, Perry E. Metzger wrote:

> Sharks, in particular, have audio inputs you can sample noise from --
> so do many such devices. If you really have nothing at all, you
> probably should think about adding something rather than relying on
> the network.
>
> If the device is a low security item and you truly have no choice, I
> can see using the network for such things, but it is certainly not
> something we want to make particularly easy because that would not
> convey the right message about the security of such things in other
> situations.

Is there a way to config a kernel so it can or can not (will or won't) use
network devices for entropy? So we can leave the hooks in the drivers, but
only use them if some flag is set?

And when this flag is set, we print a nasty message in dmesg saying we're
relying on the network for entropy?

Not sure if such a flag should be a sysctl. Also, having the message in
dmesg would tell both the admin and attackers there's a vulnerability.

Take care,

Bill
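Added example, not part of the thread and not NetBSD's rnd(4) code: a toy C model of the policy Bill sketches above. Driver hooks always mix their samples into the pool, but samples from a network-type source are only *credited* toward the entropy estimate when a flag is set, and the first credited network sample prints the dmesg-style warning once. The source types, struct fields and the `pool_add_sample` / `pool_seeded` / `feed_burst` names are hypothetical; the mixing step is a simple rotate-and-xor for illustration, not a cryptographic pool.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical source classes, modelled on the devices the thread mentions. */
enum src_type { SRC_DISK, SRC_TTY, SRC_AUDIO, SRC_NET };

struct pool {
    uint32_t state;            /* toy mixing state; not a real entropy pool */
    unsigned credited_bits;    /* entropy estimate the kernel would trust */
    bool net_entropy_enabled;  /* the proposed "use the network" flag */
    bool warned;               /* dmesg-style warning printed only once */
};

static void pool_init(struct pool *p, bool allow_net)
{
    p->state = 0x12345678u;    /* constructed seed so runs are reproducible */
    p->credited_bits = 0;
    p->net_entropy_enabled = allow_net;
    p->warned = false;
}

/* Every driver hook calls this unconditionally, so the sample is always mixed
 * in. Only the credit (the claim that it added unpredictable bits) is gated:
 * traffic an attacker can observe or inject must not advance the estimate. */
static unsigned pool_add_sample(struct pool *p, enum src_type type,
                                uint32_t sample, unsigned claimed_bits)
{
    unsigned credited = claimed_bits;

    /* toy mix: rotate the state and fold the sample in */
    p->state = ((p->state << 5) | (p->state >> 27)) ^ sample;

    if (type == SRC_NET) {
        if (!p->net_entropy_enabled) {
            credited = 0;       /* mixed, but counted as zero bits */
        } else if (!p->warned) {
            /* the "nasty message": seen by the admin, and by anyone who can read dmesg */
            printf("WARNING: crediting network traffic timing as entropy\n");
            p->warned = true;
        }
    }
    p->credited_bits += credited;
    return credited;
}

/* A kernel would refuse to seed its generator below some threshold. */
static bool pool_seeded(const struct pool *p, unsigned threshold_bits)
{
    return p->credited_bits >= threshold_bits;
}

/* Feed a constructed burst of n samples from one source; return total credit.
 * Each sample claims one bit, a deliberately modest per-event estimate. */
static unsigned feed_burst(struct pool *p, enum src_type type, unsigned n)
{
    unsigned total = 0;
    for (unsigned i = 0; i < n; i++)
        total += pool_add_sample(p, type, 0x9e3779b9u * (i + 1), 1);
    return total;
}

int main(void)
{
    struct pool strict, permissive;
    pool_init(&strict, false);
    pool_init(&permissive, true);

    /* a box with only network interrupts: only the permissive pool gets "seeded" */
    feed_burst(&strict, SRC_NET, 64);
    feed_burst(&permissive, SRC_NET, 64);
    printf("strict: %u bits credited, seeded=%d\n",
           strict.credited_bits, pool_seeded(&strict, 32));
    printf("permissive: %u bits credited, seeded=%d\n",
           permissive.credited_bits, pool_seeded(&permissive, 32));
    return 0;
}
```

The point of the split between mixing and crediting is that leaving the hooks in costs nothing on the security side: an uncredited sample can only add unpredictability, never make the estimate optimistic. What the flag controls is whether the kernel will declare itself seeded on the strength of traffic alone, which is exactly the decision Bill's message wants made explicitly rather than by default.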