Taylor,

You wrote:
> You and I may be perfectly happy with understanding and addressing the
> technical details at installation time, but I'm not willing to impose
> the same burden on everyone around me.
>
> There's a tension between several things here:
>
> 1. Minimizing burden on users -- which means avoiding asking deeply
>    technical questions they may not be competent to answer like `what
>    is a string you just picked uniformly at random from 2^256
>    possibilities?', especially when captive while running sysinst
>    where there's little opportunity to explore and read man pages at
>    leisure.
It doesn't have to be technical. For example, I would be OK with sysinst simply saying "Enter a line of random text that no one will be able to guess" and accepting any input, even the empty string, as having full entropy.

I'm well aware that most users will just press enter, or if they do write something, it will contain so little actual entropy that it can be trivially brute-forced without even needing a rack of GPUs. But the amount of entropy in the response is not really the point - the point is to have at least some justification for considering the system RNG to be seeded, so that we can avoid blocking in calls like getrandom(p,n,0) without violating the API guarantee that they will block when not seeded.

In practice, most of the entropy in the installed system will not come from the user's response, but from things like timing jitter in fetching and extracting the distribution sets. But since you are unwilling to even try to quantify that entropy due to the lack of sufficiently scientific methods for doing so, we need some other basis for claiming to have entropy, and this would be one.

--
Andreas Gustafsson, g...@gson.org