On Thu, March 25, 2010 20:23, lists@×××.org wrote:
> On Thu, 25 Mar 2010, Ed W wrote:
>
>> On 23/03/2010 21:02, lists@×××.org wrote:
>>> On Tue, 23 Mar 2010, Ed W wrote:
>>>
>>> > OK, so to conclude the previous thread - I bought an entropy key from
>>> > the nice folks at Simtec via http://entropykey.co.uk
>>> >
>>> > Short version is you plug it in, install the ekeyd package and even on a
>>> > hardened installation the entropy pool never deviates from full up...
>>> >
>>> > Now, at £30 it seems like a bargain for a fancy random number generator,
>>> > but then I read that the daemon can be switched to pipe the data out in
>>> > "egd" format and essentially you can have one machine supply high
>>> > volumes of random numbers for a fair number of networked clients. In my
>>> > case this solves the problem of how to pipe entropy to some cheap rented
>>> > servers where we don't get to touch the physical hardware... Very nice
>>> >
>>> > I have no relationship with the entropy-key guys other than being a
>>> > happy customer. They seem like a small shop and I think they deserve a
>>> > plug (and really need to work on their presence via google... Searches
>>> > on this stuff only turn up $400 alternatives... Sheesh)
>>>
>>> I'm a bit puzzled how that offers much security.
>>> Is the advantage that the algorithm for PRNG has to be extracted from the
>>> chip inside the key before it can be abused?
>>>
>>> Seems no better than, say:
>>> http://www.debian-administration.org/users/dkg/weblog/56
>>>
>>> Apart from at least adding a bit more layers in the algorithm.
>>
>> I'm not sure what you mean by the link referenced above? The point is that
>> once the entropy pool is depleted on Linux then operations against
>> /dev/random will stall, however, the evolution on Linux has been that since
>> /dev/random is "unreliable" most apps now seem to go directly to /dev/urandom
>> which is similar, but doesn't block once the entropy pool is empty (simply
>> the quality of random numbers declines) - however, it's reverting to a pseudo
>> random number algorithm
>
> Right, he simply turned /dev/random into /dev/urandom.
> I was under the impression the entropy key was simply a fancy PRNG. Now
> that I know it offers true randomness, I'm more impressed. Also curious
> exactly what it uses as a source.

http://www.entropykey.co.uk/tech/

Be aware of a 2.6.31 USB serial driver bug - already fixed.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962 |