[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh, /dev/urandom

Alfred a écrit : 

 >    Why there are problems to enhace GNU/Hurd?
 > Enhance the Hurd how exactly? With flawed security?

With allowing GNU/Hurd _users_ to _use_ an ssh client.

 >    Sooner or later hurd/random(?) server will be added to the base
 >    system...why not now?

 > Because it is broken (in the sense of no good entropy source).  Fix the
 > problems, and it might get added.

Then remove ext2fs or the GNU Mach kernel, since they are broken.

 >    I think that random64 is allways better than a /bin/bash <-- that
 >    allways is the same key -_-UU but if you think that a shit of
 >    security is better than a bad security...

 > I did not say anything of this kind.  I said that bad security is
 > worse than _no_ security.

Then don't use it. But don't impose _your_ views to others.

 >    I think that this project will never advance if we allways say:
 >    "Actually there's more important things to do",

 > If people only do the unimportant things then the Hurd will never
 > advance, and it surely won't advance if we just talk.

Well, you are the first one to talk and insult people...

 >    I think that there is enought people working on GNU/Hurd to make an
 >    stable system. But I feel important to work on a lot of front lines
 >    will be better.

 > If you would like to enhance the Hurd then there are _far_ more
 > important things to work on, look at the TODO list.  A random
 > translator is the least of our problems.  Would you like to work on
 > something in that list?


Who are you to decide whet _he_ should do ? We do free software, we do
what we'ld like to do and to use. Not what you think is more important.

 > You seem to think that the random translator is important, maybe you
 > would like to work on libchannel which from what I know will be needed
 > for the gathering of entropy from a entropy "driver", would you like
 > to work on this?

I don't care about "secure" random data right now since the system
usable in a "real life" production computer, but I do care about
having an ssh client (and server) that works with just an
apt-get. Even if it's not really secure, for test purpose (which is
the only thing you can use GNU/Hurd right now) I don't care about strong
security, and I'm far for being the only one in that case.

-- 
Gael Le Mignot "Kilobug" - kilobug@nerim.net - http://kilobug.free.fr
GSM         : 06.71.47.18.22 (in France)   ICQ UIN   : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA

Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
Reply to: