h...@netbsd.org (Havard Eidnes) writes:

>I also presented a workaround for this problem; if you are reasonably
>certain that you actually have mixed in a sufficient number of bits of
>sufficient quality into the randomness pool (see "rndctl -l -v"), you
>can do

Isn't that the same as before? Waiting some time and then assuming things are good enough?

The difference is that previously it was done automatically based on some _estimate_ of entropy created by system activity and random physical processes (even based on thermal noise, that you consider worthy). And now someone has to manually do this in an obscure way and has no means to even guess about entropy.

We can surely argue about whether this estimate is correct or precise and whether it is safe to use. Some people would decide that it's not good enough and _ignore entropy estimation_ as necessary, just like we ignored entropy estimation for network devices. In the current virtualized world I would even agree that it's necessary to ignore many of the estimates by default.

We could also argue about finding other estimators, just like you would replace the PRNG if it doesn't meet some standard.

But that's not the point. That choice was deliberately removed based on crystal clear arguments like being "unscientific" or "fabulated" or "a lie" or whatever other mockery words could be found.

And that's why the thread ends here.