tech-kern archive
Re: regarding the changes to kernel entropy gathering
Date: Mon, 5 Apr 2021 01:14:01 +0200
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Message-ID: <YGpIObngKJ4qaxDf%bec.de@localhost>
| That is discussed in the security model Taylor presented a long time
| ago. In short: nothing. In most use cases, you are screwed at this point
| anyway
This is where the disconnect is happening I think. Many of you are
simply not understanding the point.
I am not screwed, I just don't care. Is that so hard to understand?
Let me make it plainer.
I run systems on which I allow root logins with no password. I have run
systems where root ssh access is permitted, put those together and you
get root access from over the net (and telnet would allow that as well).
Alternatively I can aim for greater security, and configure a root
password ... like say the system's host name.
NetBSD allows me to do all that - it might not be the standard configuration,
but it is possible. You might think it is insane, and that's fine, but
there are reasons.
On recent NetBSD, as I understand it, I can
    dd if=/dev/zero bs=N count=1 >/dev/random
and now I have "entropy". But it refuses to provide a simpler knob
to do the same thing (or perhaps something a little saner, but equally
as simple to use).
The logic behind that makes no sense to me.
I understand that some people desire highly secure systems (I'm not
convinced that anyone running NetBSD can really justify that desire,
but that's beside the point) and that's fine - make the system be able
to be as secure as possible, just don't require me to enable it, and
don't make it impossible or even difficult to disable it - and allow
some kind of middle ground, not just "perfectly secure" and "hopeless".
kre