
Linus Torvalds goes against secure-by-default philosophy - seek3r00
https://mobile.twitter.com/matthew_d_green/status/1174021768266149888
======
pnako
Who should I believe?

a) The people on the LKML, with experience in both the kernel and userland
sides of the problem, trying to figure out the best way to manage userland
expectations of RNG quality, in a context where entropy gathering is pretty
much a glorified hack, of diminishing effectiveness

b) The security people on Twitter posting funny memes and simply stating that
things should be "secure by default"

It would be trivial for the kernel developers to return a hash of whatever
entropy they gathered so far, without ever blocking, and call that the
"default secure mode", and implement a toy RNG for the non-secure, non-default
mode, and call it a day. But they're trying to solve a more difficult and more
important problem.

