1 |
On Tue, 23 Mar 2010, Ed W wrote: |
2 |
|
3 |
> OK, so to conclude the previous thread - I bought an entropy key from the |
4 |
> nice folks at Simtec via http://entropykey.co.uk |
5 |
> |
6 |
> Short version is you plug it in, install the ekeyd package and even on a |
7 |
> hardened installation the entropy pool never deviates from full up... |
8 |
> |
9 |
> Now, at £30 it seems like a bargain for a fancy random number generator, but |
10 |
> then I read that the daemon can be switched to pipe the data out in "egd" |
11 |
> format and essentially you can have one machine supply high volumes of random |
12 |
> numbers for a fair number of networked clients. In my case this solves the |
13 |
> problem of how to pipe entropy to some cheap rented servers where we don't |
14 |
> get to touch the physical hardware... Very nice |
15 |
> |
16 |
> I have no relationship with the entropy-key guys other than being a happy |
17 |
> customer. They seem like a small shop and I think they deserve a plug (and |
18 |
> really need to work on their presence via google... Searches on this stuff |
19 |
> only turn up $400 alternatives... Sheesh) |
20 |
|
21 |
I'm a bit puzzled how that offers much security. |
22 |
Is the advantage that the algorithm for PRNG has to be extracted from the chip inside the key before it can be abused? |
23 |
|
24 |
Seems no better than, say: |
25 |
http://www.debian-administration.org/users/dkg/weblog/56 |
26 |
|
27 |
Apart from at least adding a bit more layers in the algorithm. |