Re: pinebook status update (20200622)

[Alexander Schreiber <als%thangorodrim.ch@localhost>]

On Tue, Jun 23, 2020 at 11:40:45AM +0000, nia wrote:
> On Tue, Jun 23, 2020 at 12:35:30PM +0100, Robert Swindells wrote:
> > 
> > nia <nia%NetBSD.org@localhost> wrote:
> > >On Mon, Jun 22, 2020 at 03:29:28PM +0000, John Klos wrote:
> > >> > Topics:
> > >> > - firefox76 works,firefox77 stucked on my environment
> > >> 
> > >> Firefox blocks on reading /dev/random. Symlink /dev/urandom for now until
> > >> Firefox is fixed.
> > >
> > >Aaah! Is this being tracked anywhere?
> > 
> > Both Pinebook variants have a hardware RNG, their drivers are not hooked
> > up to rnd(9) yet though.
> 
> No, I mean, Firefox should not be reading from /dev/random...

Especially since according to some crypto/security folks I've been talking
to, using /dev/urandom is good enough for basically 99% of use cases,
including key material derivation[0]. Firefox reading from /dev/random
is a bug, presumably due to some developer going "hurr, I've read somewhere
that /dev/urandom is not super secure random, so be safe and read from
/dev/random instead".

> The hardware RNG drivers aren't going to help anyone trying to
> run Firefox on 9.0.

No, but a patch to firefox to fix that bug would ;-)

Kind regards,
           Alex.
[0] That was for current Linux kernels, but I would be surprised if the
    NetBSD kernel was noticeable worse here.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison