At Sun, 04 Apr 2021 23:47:10 +0700, Robert Elz <k...@munnari.oz.au> wrote: Subject: Re: regarding the changes to kernel entropy gathering > > If we want really good security, I'd submit we need to disable > the random seed file, and RDRAND (and anything similar) until we > have proof that they're perfect.
Indeed, I concur.
I trust the randomness and in-observability and isolation of the
behaviour of my system's fans far more than I would trust Intel's RDRAND
or RDSEED instructions.
I even trust the randomness of the timings of the virtual disks in my
Xen domU virtual machines more-so, even with multiple sibling guests,
even if some of those other guests can be influenced by untrusted third
parties at critical times.
> Personally, I'm happy with anything that your average high school
> student is unlikely to be able to crack in an hour. I don't run
> a bank, or a military installation, and I'm not the NSA. If someone
> is prepared to put in the effort required to break into my systems,
> then let them, it isn't worth the cost to prevent that tiny chance.
> That's the same way that my house has ordinary locks - I'm sure they
> can be picked by someone who knows what they're doing, and better security
> is available, at a price, but a nice happy medium is what fits me best.
Indeed again.
--
Greg A. Woods <gwo...@acm.org>
Kelowna, BC +1 250 762-7675 RoboHack <wo...@robohack.ca>
Planix, Inc. <wo...@planix.com> Avoncote Farms <wo...@avoncote.ca>
pgp4TWUMkWqxh.pgp
Description: OpenPGP Digital Signature
