tech-kern archive


Re: regarding the changes to kernel entropy gathering



On Apr 4, 23:09, Taylor R Campbell wrote:
} 
} > Date: Sun, 04 Apr 2021 12:58:09 -0700
} > From: "Greg A. Woods" <woods%planix.ca@localhost>
} > References: <m1lSlsj-0036x9C@more.local>
} > 	<20210404094958.692F36085F%jupiter.mumble.net@localhost>
} > 
} > At Sun, 4 Apr 2021 09:49:58 +0000, Taylor R Campbell <riastradh%NetBSD.org@localhost> wrote:
} > >
} > > Your change _creates_ the lie that every bit of data entered this way
} > > is drawn from a source with independent uniform distribution.
} > 
} > No, my change _allows_ the administrator to decide which devices can be
} > used as estimating/counting entropy sources.  For example I know that
} > many of the devices on almost all of my machines (virtual or otherwise)
} > are equally good sources of entropy for their uses.
} 
} If you know this (and this is something I certainly can't confidently
} assert!), you can write 32 bytes to /dev/random, save a seed, and be
} done with it.
} 
} But users who don't go messing around with obscure rndctl settings in
} rc.conf will be proverbially shot in the foot by this change -- except
} they won't notice because there is practically guaranteed to be no
} feedback whatsoever for a security disaster until their systems turn
} up in a paper published at Usenix like <https://factorable.net/>.

     Or, get a repeat of the Debian weak SSH key debacle when they
screwed up their crypto.  I don't expect NetBSD to withstand an
attack by a nation state actor, but I do expect it to stand up to
a wardialing script kiddie.

}-- End of excerpt from Taylor R Campbell

