On Mon, Apr 05, 2021 at 02:13:31PM -0700, Greg A. Woods wrote:
> At Mon, 5 Apr 2021 15:37:49 -0400, Thor Lancelot Simon wrote:
> Subject: Re: regarding the changes to kernel entropy gathering
> >
> > On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote:
> > >
> > > BTW, to me reusing the
Updating src tree:
P src/external/mpl/bind/dist/bin/check/check-tool.c
P src/external/mpl/bind/dist/bin/check/named-checkconf.c
P src/external/mpl/bind/dist/bin/check/named-checkzone.c
P src/external/mpl/bind/dist/bin/confgen/util.h
P src/external/mpl/bind/dist/bin/delv/delv.c
P
At Mon, 5 Apr 2021 15:37:49 -0400, Thor Lancelot Simon wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote:
> >
> > BTW, to me reusing the same entropy on every reboot seems less secure.
>
> Sure. But that's not
On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote:
>
> BTW, to me reusing the same entropy on every reboot seems less secure.
Sure. But that's not what the code actually does.
Please, read the code in more depth (or in this case, breadth), then argue
about it.
At Mon, 5 Apr 2021 15:35:12 -0400, Thor Lancelot Simon wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> All those inputs are *already* being injected into the entropy pool. If you
> don't understand that, you need to read the code more.
I don't see how. I don't see any
On Mon, Apr 05, 2021 at 09:30:16AM -0700, Greg A. Woods wrote:
> At Mon, 5 Apr 2021 10:46:19 +0200, Manuel Bouyer wrote:
> Subject: Re: regarding the changes to kernel entropy gathering
> >
> > If I understood it properly, there's no need for such a knob.
> > echo
On Sun, Apr 04, 2021 at 01:08:20PM -0700, Greg A. Woods wrote:
>
> I trust the randomness and in-observability and isolation of the
> behaviour of my system's fans far more than I would trust Intel's RDRAND
> or RDSEED instructions.
I do not. However, I do differ with Taylor in that I believe
On Mon, Apr 05, 2021 at 09:30:16AM -0700, Greg A. Woods wrote:
> At Mon, 5 Apr 2021 10:46:19 +0200, Manuel Bouyer wrote:
> Subject: Re: regarding the changes to kernel entropy gathering
> >
> > If I understood it properly, there's no need for such a knob.
> > echo
At Mon, 5 Apr 2021 03:02:42 +0200, Joerg Sonnenberger wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> Except that's not what the system is doing. It removes the seed file on
> boot and creates a new one on shutdown.
That's not exactly what the documentation says it does
At Mon, 5 Apr 2021 07:04:32 - (UTC), mlel...@serpens.de (Michael van Elst) wrote:
Subject: Re: how do I mount a read-only filesystem from the "root device" prompt?
>
> Someone would need to write code to "upgrade" vnodes. I doubt that's
> trivial.
Indeed -- I've underestimated the
At Mon, 5 Apr 2021 16:13:55 +1200, Lloyd Parkes wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> The current implementation prints out a message whenever it blocks a
> process that wants randomness, which immediately makes this
> implementation superior to all others
At Mon, 5 Apr 2021 10:46:19 +0200, Manuel Bouyer wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> If I understood it properly, there's no need for such a knob.
> echo 0123456789abcdef0123456789abcdef > /dev/random
>
> will get you back to the state we had in netbsd-9,
At Sun, 4 Apr 2021 18:47:23 -0700, Brian Buhrow wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> Hello. As I understand it, Greg ran into this problem on a xen domu.
> In checking my NetBSD-9 system running as a domu under xen-4.14.1,
> there is no rdrand or rdseed
This is an automatically generated notice of new failures of the
NetBSD test suite.
The newly failing test cases are:
crypto/opencrypto/t_opencrypto:aescbc
crypto/opencrypto/t_opencrypto:aesctr1
crypto/opencrypto/t_opencrypto:comp_deflate
crypto/opencrypto/t_opencrypto:md5
On Sun, Apr 04, 2021 at 03:13:35PM -0700, Greg A. Woods wrote:
> I would think it's not just CDs and hypervisor-provided virtual devices
> that can have multiple partitions, use wedges, and yet be read-only.
>
> Are not a wide variety of removable storage devices also capable of
> being made
On Sun, Apr 04, 2021 at 06:47:23PM -0700, Brian Buhrow wrote:
> Hello. As I understand it, Greg ran into this problem on a xen domu.
> In checking my NetBSD-9 system running as a domu under xen-4.14.1,
> there is no rdrand or rdseed feature exposed to domu's by xen.
> This observation is
On Mon, Apr 05, 2021 at 01:16:56AM +, RVP wrote:
> [...]
> Hmm. I have to say, that now I find myself not disagreeing with Greg's
> point of view: Maybe NetBSD's default is too strict and a knob like
> kern.entropy.use_pooh_poohed_sources=1 would not be a bad thing for
> some users--with all
On Apr 4, 23:09, Taylor R Campbell wrote:
}
} > Date: Sun, 04 Apr 2021 12:58:09 -0700
} > From: "Greg A. Woods"
} > References:
} > <20210404094958.692f360...@jupiter.mumble.net>
} >
} > At Sun, 4 Apr 2021 09:49:58 +, Taylor R Campbell wrote:
} > >
} > > Your change _creates_ the lie
jo...@bec.de (Joerg Sonnenberger) writes:
>Part of the problem here is that most of the non-RNG data sources are
>easily observable either from the local system (e.g. any malicious user)
>or other VMs on the same machine (in case of a hypervisor) or local
>machines on the same network (in case of
wo...@planix.ca ("Greg A. Woods") writes:
>Given the layers of devices and code involved, perhaps it might be
>possible to just honour the original mode requested by the code opening
>the first partition to mount a filesystem, and then to upgrade the vnode
>to write mode if/when that mount is
On Mon, Apr 05, 2021 at 12:51:44AM +0200, Joerg Sonnenberger wrote:
> On Sun, Apr 04, 2021 at 02:16:41PM -0700, Paul Goyette wrote:
> > Perhaps sysinst(8) should ask
> >
> > Do you need a hyper-secure system?
> >
> > If yes, then leave things as they are today. But if you answer no,
> > we