Subject: Re: /dev/random without random sources blocking forever?
To: None <tech-kern@netbsd.org>
From: Alan Barrett <apb@cequrux.com>
List: tech-kern
Date: 08/22/2006 12:22:19

On Tue, 22 Aug 2006, Daniel Carosone wrote:
> > Userland can't add entropy sources
> Yes, it can.

Also, if entropy is collected from disk devices but there's no disk
I/O, userland can simply perform some disk I/O.  For example, my
/etc/rc.d/cgd kicks off a background dd process with the intent of
gathering some entropy to feed into the random key that's used to
encrypt the swap partition.

> Perhaps we should enable network sources by default if no others are
> available, or just by default always.

Some people seem to think that's harmful, and I can see their point
against setting the "estimate" flag for network devices, but I don't see
the harm in setting network devices to "collect, no estimate".  However,
a device marked "no estimate" will never allow /dev/random to unblock.

--apb (Alan Barrett)