On Sun, Apr 04, 2021 at 02:16:41PM -0700, Paul Goyette wrote: > > Personally, I'm happy with anything that your average high school > > student is unlikely to be able to crack in an hour. I don't run > > a bank, or a military installation, and I'm not the NSA. If someone > > is prepared to put in the effort required to break into my systems, > > then let them, it isn't worth the cost to prevent that tiny chance. > > That's the same way that my house has ordinary locks - I'm sure they > > can be picked by someone who knows what they're doing, and better > > security is available, at a price, but a nice happy medium is what > > fits me best. > > FWIW, I used to work for a company whose marketing motto was > > Good enough isn't! > > But I definitely agree with you - what we used to have is "good > enough" for the vast bulk of our users and potential users. > > Perhaps sysinst(8) should ask > > Do you need a hyper-secure system? > > If yes, then leave things as they are today. But if you answer no, > we should automatically copy enough pseudo-entropy bits to /dev/rnd > to prevent future blocking.
For most architectures, sysinst does do exactly that. It assumes that you don't just reset or reboot, but properly shutdown the system. Joerg