| 1 |
Hello. I have attached two patches. The linux kernel patch is from Eli |
| 2 |
Billauer of http://frandom.sourceforge.net/ Full source and docs for this |
| 3 |
patch are here http://www.linuxfromscratch.org/~robert/hlfs/hints/ |
| 4 |
attachments/entropy/frandom-0.8.tar.gz |
| 5 |
|
| 6 |
This version of frandom includes erandom (economical) which uses frandom as a |
| 7 |
seed, and uses no entropy from the kernel. The quality of the output bytes |
| 8 |
has been tested and found to be good quality random. Its not intended for |
| 9 |
crypto, its for anything else. This version of frandom also features a sysctl |
| 10 |
interface. The attached kernel patch enables it by default. It can be found |
| 11 |
in the char devices config menu. |
| 12 |
|
| 13 |
The attached glibc patch uses the frandom sysctl interface, and has a bug fix |
| 14 |
(/4). I removed some #ifdefs that I thought should always be defined (maybe |
| 15 |
someone can double check it, should be okay though). So, install the frandom |
| 16 |
kernel first (built in, not module), reboot, and replace this attached glibc |
| 17 |
patch with the original glibc-ssp patch, and install glibc. |
| 18 |
|
| 19 |
The finished result will stop SSP from draining kernel entropy. Preformance |
| 20 |
might be a bit better then using /dev/urandom too. And sysctl will work threw |
| 21 |
chroot without depending on a device in /dev. |
| 22 |
|
| 23 |
Comments, questions? |
| 24 |
|
| 25 |
I'm subscribed to this list, please don't cc me. |
| 26 |
|
| 27 |
Robert |
Archives