Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: regarding the changes to kernel entropy gathering

Personally, I'm happy with anything that your average high school
student is unlikely to be able to crack in an hour.   I don't run
a bank, or a military installation, and I'm not the NSA.   If someone
is prepared to put in the effort required to break into my systems,
then let them, it isn't worth the cost to prevent that tiny chance.
That's the same way that my house has ordinary locks - I'm sure they
can be picked by someone who knows what they're doing, and better
security is available, at a price, but a nice happy medium is what
fits me best.

FWIW, I used to work for a company whose marketing motto was

	Good enough isn't!

But I definitely agree with you - what we used to have is "good
enough" for the vast bulk of our users and potential users.

Perhaps sysinst(8) should ask

	Do you need a hyper-secure system?

If yes, then leave things as they are today.  But if you answer no,
we should automatically copy enough pseudo-entropy bits to /dev/rnd
to prevent future blocking.

| Paul Goyette       | PGP Key fingerprint:     | E-mail addresses:     |
| (Retired)          | FA29 0E3B 35AF E8AE 6651 |     |
| Software Developer | 0786 F758 55DE 53BA 7731 |   |

Home | Main Index | Thread Index | Old Index