> Date: Sun, 04 Apr 2021 12:58:09 -0700
> From: "Greg A. Woods" <wo...@planix.ca>
> References: <m1lSlsj-0036x9C@more.local>
>  <20210404094958.692f360...@jupiter.mumble.net>
>
> At Sun, 4 Apr 2021 09:49:58 +0000, Taylor R Campbell <riastr...@netbsd.org> wrote:
> Subject: Re: regarding the changes to kernel entropy gathering
> >
> > Your change _creates_ the lie that every bit of data entered this way
> > is drawn from a source with independent uniform distribution.
>
> No, my change _allows_ the administrator to decide which devices can be
> used as estimating/counting entropy sources. For example I know that
> many of the devices on almost all of my machines (virtual or otherwise)
> are equally good sources of entropy for their uses.

If you know this (and this is something I certainly can't confidently assert!), you can write 32 bytes to /dev/random, save a seed, and be done with it.

But users who don't go messing around with obscure rndctl settings in rc.conf will be proverbially shot in the foot by this change -- except they won't notice because there is practically guaranteed to be no feedback whatsoever for a security disaster until their systems turn up in a paper published at Usenix like <https://factorable.net/>.

What your change does is equivalent to going around to every device driver that previously said `this provides zero entropy, or I don't know how much entropy it provides' and replacing that claim by `this is a sample of an independent and perfectly uniform random string of bits', which is a much stronger (and falser) claim than even the old `entropy estimation' confabulation that NetBSD used to do.
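
An added illustration, not part of the original message and not NetBSD code: it compares the entropy credited when every bit of a device sample is counted as uniform against a simple min-entropy estimate of the same samples. The sample values, the 32-bit sample width and the most-common-value estimator are assumptions made for the example; the estimator treats samples as independent, so it can only show that a claim is too strong, never certify that a source is good.

```python
import math
from collections import Counter

POOL_TARGET_BITS = 256  # 32 bytes, the amount mentioned in the message

def full_credit_bits(samples, width_bits):
    """Entropy credited if every bit of every sample is counted as uniform."""
    return len(samples) * width_bits

def min_entropy_per_sample(samples):
    """Most-common-value estimate: -log2 of the highest empirical probability."""
    counts = Counter(samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)

def samples_needed(bits_per_sample, target=POOL_TARGET_BITS):
    """Samples required to reach the target; None if the source adds nothing."""
    if bits_per_sample <= 0:
        return None
    return math.ceil(target / bits_per_sample)

# Constructed data: 32-bit timer deltas from a hypothetical device that
# takes only four distinct values, one of them half of the time.
CONSTRUCTED_DELTAS = [1000] * 8 + [1001] * 4 + [1002] * 2 + [999] * 2
SAMPLE_WIDTH_BITS = 32  # assumed width of each sample

def report(samples, width_bits):
    """Summarise the gap between full-credit counting and the estimate."""
    per_sample = min_entropy_per_sample(samples)
    return {
        "credited_bits": full_credit_bits(samples, width_bits),
        "estimated_bits": per_sample * len(samples),
        "samples_to_target_if_credited": samples_needed(width_bits),
        "samples_to_target_if_estimated": samples_needed(per_sample),
    }

if __name__ == "__main__":
    for key, value in report(CONSTRUCTED_DELTAS, SAMPLE_WIDTH_BITS).items():
        print(f"{key}: {value}")
```

With full-credit counting the pool is declared seeded after 8 of these samples, while the estimate says at least 256 are needed, and nothing in the system's behaviour would reveal the difference.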