[talk] [nycbug-talk] FreeBSD abandoning hardware randomness

George Rosamond george at ceetonetechnology.com
Mon Nov 3 12:01:29 EST 2014


<large fat snip>

>>
>> I still think for your everyday laptop not having one of these keys is the
>> way to go (perhaps though one should use an OS that does the random thing
>> well ;-) ).
>>
>> Anyhow, these things aren't a solution to anything without proper software.

Some relevant FreeBSD changes (ty Justin)...

https://svnweb.freebsd.org/base?view=revision&revision=273872

IMHO, it really is (for BSD land, anyways) about trusting software to do
what's right with that hardware.

We've had the threads before on-list and informally about USB/hardware
entropy devices.

I don't doubt hardware can have a role, if it's done correctly and openly.

(anyone read "The Traveler" by John Twelve Hawks?)

But ultimately in this day and age, it's the software, i.e., a more
trusted, auditable platform, that should be determining the parameters
of that extra entropy being utilized.  An OS can be audited, mtree'd,
whatever, while auditing the code and confirming what's on the actual
device is a bit trickier.  Go read some of the Snowden disclosures about
3-letter-government agency hardware hacking.  It's ugly.

g


More information about the talk mailing list