1 |
Hello. I have attached two patches. The linux kernel patch is from Eli |
2 |
Billauer of http://frandom.sourceforge.net/ Full source and docs for this |
3 |
patch are here http://www.linuxfromscratch.org/~robert/hlfs/hints/ |
4 |
attachments/entropy/frandom-0.8.tar.gz |
5 |
|
6 |
This version of frandom includes erandom (economical) which uses frandom as a |
7 |
seed, and uses no entropy from the kernel. The quality of the output bytes |
8 |
has been tested and found to be good quality random. Its not intended for |
9 |
crypto, its for anything else. This version of frandom also features a sysctl |
10 |
interface. The attached kernel patch enables it by default. It can be found |
11 |
in the char devices config menu. |
12 |
|
13 |
The attached glibc patch uses the frandom sysctl interface, and has a bug fix |
14 |
(/4). I removed some #ifdefs that I thought should always be defined (maybe |
15 |
someone can double check it, should be okay though). So, install the frandom |
16 |
kernel first (built in, not module), reboot, and replace this attached glibc |
17 |
patch with the original glibc-ssp patch, and install glibc. |
18 |
|
19 |
The finished result will stop SSP from draining kernel entropy. Preformance |
20 |
might be a bit better then using /dev/urandom too. And sysctl will work threw |
21 |
chroot without depending on a device in /dev. |
22 |
|
23 |
Comments, questions? |
24 |
|
25 |
I'm subscribed to this list, please don't cc me. |
26 |
|
27 |
Robert |