tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: regarding the changes to kernel entropy gathering
On Sun, Apr 04, 2021 at 02:16:41PM -0700, Paul Goyette wrote:
> > Personally, I'm happy with anything that your average high school
> > student is unlikely to be able to crack in an hour. I don't run
> > a bank, or a military installation, and I'm not the NSA. If someone
> > is prepared to put in the effort required to break into my systems,
> > then let them, it isn't worth the cost to prevent that tiny chance.
> > That's the same way that my house has ordinary locks - I'm sure they
> > can be picked by someone who knows what they're doing, and better
> > security is available, at a price, but a nice happy medium is what
> > fits me best.
>
> FWIW, I used to work for a company whose marketing motto was
>
> Good enough isn't!
>
> But I definitely agree with you - what we used to have is "good
> enough" for the vast bulk of our users and potential users.
>
> Perhaps sysinst(8) should ask
>
> Do you need a hyper-secure system?
>
> If yes, then leave things as they are today. But if you answer no,
> we should automatically copy enough pseudo-entropy bits to /dev/rnd
> to prevent future blocking.
For most architectures, sysinst does do exactly that. It assumes that
you don't just reset or reboot, but properly shutdown the system.
Joerg
Home |
Main Index |
Thread Index |
Old Index