Subject: Re: CVS commit: syssrc/sys/dev/ic
To: Perry E. Metzger <perry@wasabisystems.com>
From: Michael Graff <explorer@flame.org>
List: tech-kern
Date: 11/08/2001 13:43:25
"Perry E. Metzger" <perry@wasabisystems.com> writes:

> Sharks, in particular, have audio inputs you can sample noise from --
> so do many such devices. If you really have nothing at all, you
> probably should think about adding something rather than relying on
> the network.

I find it strange that you don't trust networks, but you do trust
audio noise as a source.

I seem to remember some studies that claim audio noise (with and
without a microphone) as being a bad way to gather entropy.

> If the device is a low security item and you truly have no choice, I
> can see using the network for such things, but it is certainly not
> something we want to make particularly easy because that would not
> convey the right message about the security of such things in other
> situations.

It's not the default.  Please don't make it impossible, or even
difficult.

--Michael