Mailinglist Archive: opensuse-factory (505 mails)
Re: [opensuse-factory] haveged - now enabled by default?
- From: Rob Davies <rob.opensuse.linux@xxxxxxxxx>
- Date: Wed, 27 Jul 2011 10:08:28 +0100
- Message-id: <CAKeeO4fG8TKHCWj3s+oBk=k7Hx_w=k80R+cFfqOXX3cbiAqhvg@mail.gmail.com>
On 27 July 2011 08:23, Olipro <olipro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I believe it's also worth pointing out that haveged only feeds the data into
> the kernel, it does not manipulate the entropy estimate - therefore, even if
> someone were to hack or replace haveged with something that feeds the kernel
> non-random data, the kernel will simply not increase its entropy estimate.
It's quite a while since I looked at the Fate entry on entropy sources
being required, and the experimental code I wrote which played with
timers was deleted long ago, but IIRC you needed to increase the
kernel's estimate of entropy, to stop the blocking, not just do the
data writing. The kernel estimating the randomness of data written to
/dev/random sounds expensive.
Did anyone look at "audio entropy daemon"
http://www.vanheusden.com/aed/ which aims to use static noise from
an unused sound card?
Presumably such would be widely available thanks to integrated audio,
even on diskless installs.
This program feeds the /dev/random device with entropy-data read from
an audio device.
The audio-data is not copied as is but first 'de-biased' and analysed
to determine how many bits of entropy are in it.
This program is useful for systems doing lots of cryptographic stuff
like VPN endpoints or GPG clients; it helps prevent the
/dev/random device from being depleted and blocking reads.
Regards Rob
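The distinction discussed in this message, as an added example (not code from the thread, haveged or aed): on Linux, random(4) documents that a plain write() to /dev/random mixes data into the pool without raising the entropy count, while the RNDADDENTROPY ioctl credits a stated number of bits and requires CAP_SYS_ADMIN. The helper names and the sample bytes are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>

/* Build the RNDADDENTROPY argument; rejects claims above 8 bits per byte. Caller frees. */
struct rand_pool_info *make_credit(const unsigned char *data, int len, int bits)
{
    if (!data || len <= 0 || bits < 0 || bits > len * 8) return NULL;
    struct rand_pool_info *p = calloc(1, sizeof(*p) + (size_t)len + 3);
    if (!p) return NULL;
    p->entropy_count = bits;   /* bits the kernel adds to its estimate */
    p->buf_size = len;         /* payload length in bytes */
    memcpy(p->buf, data, (size_t)len);
    return p;
}

/* Current kernel entropy estimate in bits, or -1 on error. */
int entropy_estimate(int fd)
{
    int bits;
    return ioctl(fd, RNDGETENTCNT, &bits) == 0 ? bits : -1;
}

/* Mix and credit in one call; fails with EPERM without CAP_SYS_ADMIN. */
int feed_credited(int fd, const unsigned char *data, int len, int bits)
{
    struct rand_pool_info *p = make_credit(data, len, bits);
    if (!p) { errno = EINVAL; return -1; }
    int rc = ioctl(fd, RNDADDENTROPY, p);
    free(p);
    return rc;
}

int main(void)
{
    const unsigned char sample[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed, not random */
    int fd = open("/dev/random", O_RDWR);
    if (fd < 0) { perror("open"); return 1; }
    printf("estimate before: %d bits\n", entropy_estimate(fd));
    if (write(fd, sample, sizeof sample) < 0) perror("write"); /* mixed in, not credited */
    printf("estimate after write(): %d bits\n", entropy_estimate(fd));
    /* Credit 0 bits because the sample is not random; this still shows the privilege gate. */
    if (feed_credited(fd, sample, sizeof sample, 0) < 0) perror("RNDADDENTROPY");
    close(fd); return 0;
}
```

Run unprivileged, the write() succeeds and the ioctl reports a permission error, which is the gate that keeps an arbitrary process from inflating the estimate.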