Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: recent sysinst UX changes
On Mon, Nov 09, 2020 at 11:18:31AM +0100, Martin Husemann wrote:
> On Mon, Nov 09, 2020 at 10:10:56AM +0000, nia wrote:
> > fwiw, i think the default options should be as close to Just Work as possible.
> >
> > i have installed NetBSD irl with people who have only a little bit of unix
> > knowledge, and watched them wince every time something doesn't go as planned.
> > often this is on older, spare hardware, that's just to play with the OS on,
> > so it is likely to not have >2015 CPU features (RDRAND).
>
> I totaly agree with both of this, but "just work" is not a clear target,
> especially when a simple step makes a difference in security (whether
> manually typing in random things *does* make a difference is probably
> for another debate).
>
> The description pointing at copying output from another machine is just
> an option (and it actually helps a lot when you do installs via serial
> console or similar).
>
> So: happy to make it more userfriendly, simpler, rephrase messages,
> whatever needed - but we should not end up with insecure installs.
>
> Martin
Requiring users to type in data is just going to result in a lot of
users mashing the keyboard to get an install to work, is all I'm saying.
That's no better than copying 32 bytes back into /dev/urandom to continue
with the existing seed. The installation involves user input, after all.
Treating USB RNGs as a common use case for everyday installs is an odd
decision. They're probably common to have among a subset of NetBSD
developers, and, well, nobody else.
+{This system seems to lack a cryptographically strong pseudo random
+number generator. There is not enough entropy available to create secure
+keys (e.g. ssh host keys).
+
+You may use random data generated on another computer and load it
+here, or you could enter random characters manually.
+
+If you own a USB random number device, connect it now and select
+the "Re-test" option.}
I would change this to:
"{This system seems to lack a quality hardware random number generator.
For increased system security, you may load random data generated
on another computer. NetBSD will then use this as a seed.
Otherwise, the installer can continue with a potentially insecure
seed using data collected during the installation process.}"
+message entropy_continue {Continue with existing potentially insecure seed}
+message entropy_download_seed {Import random data from another machine}
Lacking a HWRNG is the actual problem. Let's describe the actual problem.
I don't think we need to present every new user installing NetBSD with
information about USB RNG devices or crypto jargon.
Home |
Main Index |
Thread Index |
Old Index