On Apr 4, 23:09, Taylor R Campbell wrote:
}
} > Date: Sun, 04 Apr 2021 12:58:09 -0700
} > From: "Greg A. Woods" <wo...@planix.ca>
} > References: <m1lSlsj-0036x9C@more.local>
} >     <20210404094958.692f360...@jupiter.mumble.net>
} >
} > At Sun, 4 Apr 2021 09:49:58 +0000, Taylor R Campbell <riastr...@netbsd.org> wrote:
} > >
} > > Your change _creates_ the lie that every bit of data entered this way
} > > is drawn from a source with independent uniform distribution.
} >
} > No, my change _allows_ the administrator to decide which devices can be
} > used as estimating/counting entropy sources. For example I know that
} > many of the devices on almost all of my machines (virtual or otherwise)
} > are equally good sources of entropy for their uses.
}
} If you know this (and this is something I certainly can't confidently
} assert!), you can write 32 bytes to /dev/random, save a seed, and be
} done with it.
}
} But users who don't go messing around with obscure rndctl settings in
} rc.conf will be proverbially shot in the foot by this change -- except
} they won't notice because there is practically guaranteed to be no
} feedback whatsoever for a security disaster until their systems turn
} up in a paper published at Usenix like <https://factorable.net/>.

Or, get a repeat of the Debian weak SSH key debacle when they
screwed up their crypto. I don't expect NetBSD to withstand an attack
by a nation state actor, but I do expect it to stand up to a wardialing
script kiddie.

}-- End of excerpt from Taylor R Campbell