| 1 |
On Csü, Március 25, 2010 20:23, lists@×××.org wrote: |
| 2 |
> On Thu, 25 Mar 2010, Ed W wrote: |
| 3 |
> |
| 4 |
>> On 23/03/2010 21:02, lists@×××.org wrote: |
| 5 |
>>> On Tue, 23 Mar 2010, Ed W wrote: |
| 6 |
>>> |
| 7 |
>>> > OK, so to conclude the previous thread - I bought an entropy key |
| 8 |
>>> from |
| 9 |
>>> > the nice folks at Simtec via http://entropykey.co.uk |
| 10 |
>>> > |
| 11 |
>>> > Short version is you plug it in, install the ekeyd package and even |
| 12 |
>>> on a |
| 13 |
>>> > hardened installation the entropy pool never deviates from full |
| 14 |
>>> up... |
| 15 |
>>> > |
| 16 |
>>> > Now, at £30 it seems like a bargain for a fancy random number |
| 17 |
>>> generator, |
| 18 |
>>> > but then I read that the daemon can be switched to pipe the data out |
| 19 |
>>> in |
| 20 |
>>> > "egd" format and essentially you can have one machine supply high |
| 21 |
>>> > volumes of random numbers for a fair number of networked clients. |
| 22 |
>>> In my |
| 23 |
>>> > case this solves the problem of how to pipe entropy to some cheap |
| 24 |
>>> rented |
| 25 |
>>> > servers where we don't get to touch the physical hardware... Very |
| 26 |
>>> nice |
| 27 |
>>> > |
| 28 |
>>> > I have no relationship with the entropy-key guys other than being a |
| 29 |
>>> > happy customer. They seem like a small shop and I think they |
| 30 |
>>> deserve a |
| 31 |
>>> > plug (and really need to work on their presence via google... |
| 32 |
>>> Searches |
| 33 |
>>> > on this stuff only turn up $400 alternatives... Sheesh) |
| 34 |
>>> |
| 35 |
>>> I'm a bit puzzled how that offers much security. |
| 36 |
>>> Is the advantage that the algorithm for PRNG has to be extracted from |
| 37 |
>>> the |
| 38 |
>>> chip inside the key before it can be abused? |
| 39 |
>>> |
| 40 |
>>> Seems no better than, say: |
| 41 |
>>> http://www.debian-administration.org/users/dkg/weblog/56 |
| 42 |
>>> |
| 43 |
>>> Apart from at least adding a bit more layers in the algorithm. |
| 44 |
>> |
| 45 |
>> I'm not sure what you mean by the link referenced above? The point is |
| 46 |
>> that |
| 47 |
>> once the entropy pool is depleted on Linux then operations against |
| 48 |
>> /dev/random will stall, however, the evolution on linux has been that |
| 49 |
>> since |
| 50 |
>> /dev/random is "unreliable" most apps now seem to go directly to |
| 51 |
>> /dev/urandom |
| 52 |
>> which is similar, but doesn't block once the entropy pool is empty |
| 53 |
>> (simply |
| 54 |
>> the quality of random numbers declines) - however, it's reverting to a |
| 55 |
>> pseudo |
| 56 |
>> random number algorithm |
| 57 |
> |
| 58 |
> Right, he simply turned /dev/random into /dev/urandom. |
| 59 |
> I was under the impression the entropy key was simply a fancy PRNG. Now |
| 60 |
> that I know it offers |
| 61 |
> true randomness, I'm more impressed. Also curious exactly what it uses as |
| 62 |
> a source. |
| 63 |
|
| 64 |
http://www.entropykey.co.uk/tech/ |
| 65 |
|
| 66 |
Be aware of a 2.6.31 USB serial driver bug - already fixed. |
| 67 |
|
| 68 |
Regards: |
| 69 |
Dw. |
| 70 |
-- |
| 71 |
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962 |
| 72 |
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962 |
Archives