Re: fix for no ssh

To: debian-user@lists.debian.org
Subject: Re: fix for no ssh
From: Curt <curty@free.fr>
Date: Mon, 8 Jul 2019 14:40:16 -0000 (UTC)
Message-id: <[🔎] slrnqi6leg.21v.curty@einstein.electron.org>
References: <[🔎] 201907071029.23210.gheskett@shentel.net> <[🔎] a0d958a0a2649252c0997acd0630d83ed0ef6b1a.camel@yxit.co.uk> <[🔎] 20190707164348.k3txnfamgaupmzam@localhost> <[🔎] CAJmb-Ykzu=icMr3Zk-U41Ur_tSKqObuJ5C0jNi4my5UchhBYgg@mail.gmail.com> <[🔎] 20190708065440.hrxbo4e3752rbqpv@localhost> <[🔎] slrnqi61jg.21v.curty@einstein.electron.org> <[🔎] 20190708101816.md42tm7u2v57pm6u@localhost>

On 2019-07-08, Andrei POPESCU <andreimpopescu@gmail.com> wrote:
>
> The timing was also not very good for the buster release cycle.
> Hopefully this will be sorted out properly in time for bullseye.

Earlier I thought bullseye was some sort of idiom for Buster going live.
Color me ignorant. 

But concerning the currently proposed workaround for x86 CPU's (from
which I cannot "benefit," apparently), it's edifying to note what Ted
himself said about his own patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39a8883a2b989d1d21bd8dd99f5557f0c5e89694

 random: add a config option to trust the CPU's hwrng

 This gives the user building their own kernel (or a Linux distribution)
 the option of deciding whether or not to trust the CPU's hardware
 random number generator (e.g., RDRAND for x86 CPU's) as being correctly
 implemented and not having a back door introduced (perhaps courtesy of
 a Nation State's law enforcement or intelligence agencies).

 This will prevent getrandom(2) from blocking, if there is a
 willingness to trust the CPU manufacturer.

 Signed-off-by: Theodore Ts'o <tytso@mit.edu>

So Debian Buster, as it now stands and I understand it, trusts in the
correctness of the hardware random number generator, as well as in the
absence of any back door that might compromise it, universally and
without qualification, of every Debian Buster user's x86 cpu (default
kernel command line CONFIG_RANDOM_TRUST_CPU), in the name of security.

That's a safer solution than installing haveged? 

I know, I know, I can use any kernel command line I want. I could switch
to another distribution without these problems. I could go fuck myself.
But as an innate altruist (just kidding), I'm wondering whether the
regular user is aware of the implications of all this. What about people
in Nation States ...  Well, you get the idea.

> Kind regards,
> Andrei

-- 
"These findings demonstrate that under appropriate conditions the isolated,
intact large mammalian brain possesses an underappreciated capacity for
restoration of microcirculation and molecular and cellular activity after a
prolonged post-mortem interval." From a recent article in *Nature*. Holy shit.

Reply to:

Follow-Ups:
- Re: fix for no ssh
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- [OT] Trustfulness. Was: Re: fix for no ssh
  - From: "Thomas Schmitt" <scdbackup@gmx.net>
- Re: fix for no ssh
  - From: Andy Smith <andy@strugglers.net>

References:
- fix for no ssh
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fix for no ssh
  - From: Tixy <tixy@yxit.co.uk>
- Re: fix for no ssh
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: fix for no ssh
  - From: Nicholas Geovanis <nickgeovanis@gmail.com>
- Re: fix for no ssh
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: fix for no ssh
  - From: Curt <curty@free.fr>
- Re: fix for no ssh
  - From: Andrei POPESCU <andreimpopescu@gmail.com>

Prev by Date: Re: Assorted arm-buster problems - network configuration
Next by Date: Displaylink issue after upgrading to Buster
Previous by thread: Re: fix for no ssh
Next by thread: Re: fix for no ssh
Index(es):
- Date
- Thread