tech-kern archive

Re: regarding the changes to kernel entropy gathering (Havard Eidnes) writes:

>I also presented a workaround for this problem; if you are reasonably
>certain that you actually have mixed in a sufficient number of bits of
>sufficient quality into the randomness pool (see "rndctl -l -v"), you
>can do

Isn't that the same as before? Waiting some time and then assuming things
are good enough?

The difference is that previously it was done automatically based
on some _estimate_ of entropy created by system activity and random
physical processes (even based on thermal noise, which you consider
worthy). And now someone has to manually do this in an obscure way
and has no means to even guess about entropy.

We can surely argue about whether this estimate is correct or precise
and whether it is safe to use. Some people would decide that it's
not good enough and _ignore entropy estimation_ as necessary, just
like we ignored entropy estimation for network devices. In the current
virtualized world I would even agree that it's necessary to ignore many
of the estimates by default.

We could also argue about finding other estimators, just like you would
replace the PRNG if it doesn't meet some standard.

But that's not the point.

That choice was deliberately removed based on crystal clear arguments
like being "unscientific" or "fabulated" or "a lie" or whatever
other mockery words could be found.

And that's why the thread ends here.

