Port-xen archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: regarding the changes to kernel entropy gathering



At Wed, 7 Apr 2021 22:47:39 +0200, Martin Husemann <martin%duskware.de@localhost> wrote:
Subject: Re: regarding the changes to kernel entropy gathering
> 
> When you create a custom setup like that, you will have to replace
> etc/rc.d/entropy with a custom solution (e.g. mounting some flash storage).

No storage means "NO storage.".

> Or you ignore the issue and do the dd at each boot - hopefully not generating
> any strong keys on that machine then (but you would have no good storage
> for those anyway).

Or I don't ignore the issue and instead I fix the code so that it's
still possible to get entropy estimates from non-hardware-RNG devices
and then things keep working the way they used to, and there's still
some possibility of _real_ entropy being used to seed the PRNGs.

From what I've seen here so far I'm far from alone in wanting that
ability.

What's most confusing is to why there's such animosity and stubborn
unwillingness to even consider that the old way of getting some entropy
from a few less-than-perfect sources was good enough for many, or even
most, of us.

It's better than no entropy when there are no "perfect" sources, and
that's also a situation that includes many of us.

It doesn't have to be the default.

-- 
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgpvqsPAEOrOJ.pgp
Description: OpenPGP Digital Signature



Home | Main Index | Thread Index | Old Index