| 1 |
On Tue, 23 Mar 2010, Ed W wrote: |
| 2 |
|
| 3 |
> OK, so to conclude the previous thread - I bought an entropy key from the |
| 4 |
> nice folks at Simtec via http://entropykey.co.uk |
| 5 |
> |
| 6 |
> Short version is you plug it in, install the ekeyd package and even on a |
| 7 |
> hardened installation the entropy pool never deviates from full up... |
| 8 |
> |
| 9 |
> Now, at £30 it seems like a bargain for a fancy random number generator, but |
| 10 |
> then I read that the daemon can be switched to pipe the data out in "egd" |
| 11 |
> format and essentially you can have one machine supply high volumes of random |
| 12 |
> numbers for a fair number of networked clients. In my case this solves the |
| 13 |
> problem of how to pipe entropy to some cheap rented servers where we don't |
| 14 |
> get to touch the physical hardware... Very nice |
| 15 |
> |
| 16 |
> I have no relationship with the entropy-key guys other than being a happy |
| 17 |
> customer. They seem like a small shop and I think they deserve a plug (and |
| 18 |
> really need to work on their presence via google... Searches on this stuff |
| 19 |
> only turn up $400 alternatives... Sheesh) |
| 20 |
|
| 21 |
I'm a bit puzzled how that offers much security. |
| 22 |
Is the advantage that the algorithm for PRNG has to be extracted from the chip inside the key before it can be abused? |
| 23 |
|
| 24 |
Seems no better than, say: |
| 25 |
http://www.debian-administration.org/users/dkg/weblog/56 |
| 26 |
|
| 27 |
Apart from at least adding a bit more layers in the algorithm. |
Archives