On Wed, 7 Sep 2011, Steve Grubb wrote:

> On Wednesday, September 07, 2011 05:35:18 PM Jarod Wilson wrote:
> > Another proposal that has been kicked around: a 3rd random chardev,
> > which implements this functionality, leaving urandom unscathed. Some
> > udev magic or a driver param could move/disable/whatever urandom and put
> > this alternate device in its place. Ultimately, identical behavior, but
> > the true urandom doesn't get altered at all.
>
> Right, and that's what I was trying to say is that if we do all that and switch out
> urandom with something new that does what we need, what's the difference in just
> patching the behavior into urandom and calling it a day? It's simpler, less fragile,
> admins won't make mistakes setting up the wrong one in a chroot, already has the
> FIPS-140 dressing, and is auditable.

I as a 0815 admin would never want such a thing by default.

I already replace /dev/random with /dev/urandom to keep stupid sshd from
dying because there just is no entropy - I care more about all my
services staying alive than about perfect random.

c'ya
sven-haegar

--
Three may keep a secret, if two of them are dead.
- Ben F.
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html