tech-userlevel archive


Re: Waiting for Randot



Taylor,

You wrote:
> You and I may be perfectly happy with understanding and addressing the
> technical details at installation time, but I'm not willing to impose
> the same burden on everyone around me.
> 
> There's a tension between several things here:
> 
> 1. Minimizing burden on users -- which means avoiding asking deeply
>    technical questions they may not be competent to answer like `what
>    is a string you just picked uniformly at random from 2^256
>    possibilities?', especially when captive while running sysinst
>    where there's little opportunity to explore and read man pages at
>    leisure.

It doesn't have to be technical.  For example, I would be OK with
sysinst simply saying "Enter a line of random text that no one will be
able to guess" and accepting any input, even the empty string, as
having full entropy.

I'm well aware that most users will just press enter, or if they do
write something, it will contain so little actual entropy that it can
be trivially brute-forced without even needing a rack of GPUs.  But the
amount of entropy in the response is not really the point - the point
is to have at least some justification for considering the system RNG
to be seeded, so that we can avoid blocking in calls like getrandom(p,n,0)
without violating the API guarantee that they will block when not seeded.

In practice, most of the entropy in the installed system will not come
from the user's response, but from things like timing jitter in fetching
and extracting the distribution sets.  But since you are unwilling to
even try to quantify that entropy due to the lack of sufficiently
scientific methods for doing so, we need some other basis for claiming
to have entropy, and this would be one.
-- 
Andreas Gustafsson, gson%gson.org@localhost

