> Can we decide this, please - do we want secure startup (which will
> take some effort to achieve), or can we say "screw it" and start
> insecure like the old system?

Can we have both?  Ie; by default we are insecure until some point we
call an ioctl() that says 'no more, you must get real randomness now'.

So, that way we can do the stuff that doesn't require real randomness
(like mounting disks and such), and then once that's over with, the
system forces it into 'secure' mode, at which time it's up to the user
to supply some randomness for it.

If that happens, a user could decide comment out the 'real secure'
thing, and /dev/random would never block.

You can all laugh at me now. :)


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to