> We -used- to need data from RNG directly into the kernel randomness
> pool.

Are you sure? I don't think there was ever code to do this in
mainline. There might have been something in -ac*, but not mainline.

> The consensus was that the FIPS testing should be moved to userspace.

Consensus from whom? And who says the FIPS testing is useful anyways?
I think you just need to trust the random generator; it is like
you need to trust any other piece of hardware in your machine. Or do you
check regularly if your mov instruction still works? @)
I think it is a trade-off between ease of use and saving of resources on
one side and being overly paranoid on the other. With a user space solution
which nearly nobody uses currently (I am not aware of any distribution that
runs that daemon), it means most people won't have hardware-supported
randomness in their ssh, and I think that is a big drawback.