> All that changed is that we don't pretend it provides entropy. Instead, you pretend it provides none.
Neither pretense is accurate (where the "pretend it provides entropy" refers to providing any non-configurable fixed amount). The real problem here, as I see it, is that NetBSD qua NetBSD cannot tell where between those two extremes any particular case falls. Compounding this is that most sysadmins are not competent to accurately describe where a given install falls, even were NetBSD to provide a means to do so. (Though I suspect that most who understand the issues could provide a usefully high lower bound on the entry provided. For example, I'd be satisfied with one millibit per event - network packet or disk transfer - and in my environment I am confident that is an understimate.) > As I mentioned elsewhere, a lot of the classic entropy sources are > surprisingly bad nowadays when someone can observe the kernel, > especially in a virtualized environment. Yes...but, as gwoods indirectly but correctly pointed out, that may not matter: other VMs under the same hypervisor can be anywhere from "known to be actively hostile" to "fully trusted", depending on the site. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mo...@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B