At Sun, 04 Apr 2021 23:47:10 +0700, Robert Elz <k...@munnari.oz.au> wrote: Subject: Re: regarding the changes to kernel entropy gathering > > If we want really good security, I'd submit we need to disable > the random seed file, and RDRAND (and anything similar) until we > have proof that they're perfect.
Indeed, I concur. I trust the randomness and in-observability and isolation of the behaviour of my system's fans far more than I would trust Intel's RDRAND or RDSEED instructions. I even trust the randomness of the timings of the virtual disks in my Xen domU virtual machines more-so, even with multiple sibling guests, even if some of those other guests can be influenced by untrusted third parties at critical times. > Personally, I'm happy with anything that your average high school > student is unlikely to be able to crack in an hour. I don't run > a bank, or a military installation, and I'm not the NSA. If someone > is prepared to put in the effort required to break into my systems, > then let them, it isn't worth the cost to prevent that tiny chance. > That's the same way that my house has ordinary locks - I'm sure they > can be picked by someone who knows what they're doing, and better security > is available, at a price, but a nice happy medium is what fits me best. Indeed again. -- Greg A. Woods <gwo...@acm.org> Kelowna, BC +1 250 762-7675 RoboHack <wo...@robohack.ca> Planix, Inc. <wo...@planix.com> Avoncote Farms <wo...@avoncote.ca>
pgp4TWUMkWqxh.pgp
Description: OpenPGP Digital Signature