tech-userlevel archive


Re: Waiting for Randot (or: nia and maya were right and I was wrong)



Taylor R Campbell wrote:
> > Even if the unblocking criteria of Linux and FreeBSD are questionable,
> > they still provide more security than your proposal which amounts to
> > having extremely strict criteria but then completely ignoring.
> 
> This is not accurate.  The strict criterion is still available _for
> system integration_, which is where the problem needs to be solved
> anyway, just like other security measures like securelevel and
> fetch_pkg_vulnerabilities.

For the Nth time: if the problem is solved at the system integration
level, there will be no blocking and therefore no need for your
proposed change.

> > Which is why we should deal with the issue by creating an entropy seed
> > at the time of installation or first boot.
> 
> We already do this, and it incorporates any entropy obtained during
> the installation process.

We already had this discussion in the context of PR 55659:

   me> Second, make sure that most systems have sufficient entropy, for
   me> example by creating a random seed file at installation or upgrade
   me> time.

   you> We already do this example.

   me> We already create a seed file at installation time, but in many cases
   me> it has an entropy estimate of zero, so it doesn't actually help.
   me> I believe Martin is working on fixing this.

> > To start with, we should re-enable the code Martin already added to
> > sysinst to prompt the user for missing entropy at install time, and we
> > should continue to work on making it easier to use.
> 
> It's not just a prompt -- it will make users feel _trapped_ and hate
> the whole thing, in an installer that already has too many mandatory
> incomprehensible questions.  As a matter of user experience, a
> mandatory question like this that gets in the way of doing anything
> else is a dead end.

I think a major reason why users felt trapped was the unfortunate
user interface design choice of requiring the user to terminate the
manual entropy input with an empty line.  As I wrote to Martin:

  One thing that could be done to make the UI easier to use would be to
  ask the user for a single line of input rather than multiple lines.
  The "Terminate the input with an empty line" thing is not really
  intuitive; when you enter a line of random data and press enter, the
  "2:" prompt gives you the impression that what you already entered is
  not considered sufficient, so instead of just pressing enter again the
  user may choose to enter some more random characters before pressing
  enter again, and then it still looks like it's not enough, ad infinitum.

I for one did feel trapped by this, but it's easily fixed.  I also
think the UI is too complicated and intimidating in general and
needs to be simplified.  But I still think sysinst is the best place
to do this, and certainly more user friendly than being dropped into
single user mode on boot.
-- 
Andreas Gustafsson, gson%gson.org@localhost

