tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Waiting for Randot (or: nia and maya were right and I was wrong)



On 16.01.2021 14:29, Taylor R Campbell wrote:
>> Date: Sat, 16 Jan 2021 13:21:21 +0100
>> From: Kamil Rytarowski <kamil%netbsd.org@localhost>
>>
>> On 11.01.2021 02:25, Taylor R Campbell wrote:
>>> Many of you have no doubt noticed that a lot more things hang waiting
>>> for entropy than used to on machines without hardware random number
>>> generators (even as we've added a bunch of new drivers for HWRNGs) --
>>> e.g., python, firefox.
>>
>> Can we overload the ENOSYS return value and return it for CPUs without
>> hardware assisted random number generator? This way we certainly catch
>> real bugs in software that do not handle ENOSYS anyway.
> 
> How does that detect real bugs? 

Lack of fallback is a bug for preexisting Linux users.

> How does it improve anything?
> 

The improvement is achieved by deferring the problem out of the kernel
to userspace applications if there is no HWRNG device driver.

An application could fallback in a typical case to plain sysctl(3),
arc4random(3) or some other source of randomness delivered by a user if
that is really necessary.

At the end of this, getrandom(2) never hangs forever due to the lack of
HWRNG device.

I don't feel as a user much interested in maintaining a dedicated
rc.conf(5) switches or motd warnings. Such things add extra management
complexity without any gains for me. Once I will be paranoid, I will not
defer such features to OS anyway and ensure proper source of randomness
on my own.

Attachment: signature.asc
Description: OpenPGP digital signature



Home | Main Index | Thread Index | Old Index