On 27 July 2011 08:23, Olipro <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> wrote:
> I believe it's also worth pointing out that haveged only feeds the data into the kernel, it does not manipulate the entropy estimate - therefore, even if someone were to hack or replace haveged with something that feeds the kernel non-random data, the kernel will simply not increase its entropy estimate.

It's quite a while since I looked at the Fate entry on entropy sources being required, and the experimental code I wrote which played with timers is deleted long ago, but IIRC you needed to increase the kernel's estimate of entropy, to stop the blocking, not just do the data writing. The kernel estimating the randomness of data written to /dev/random sounds expensive.

Did anyone look at "audio entropy daemon" http://www.vanheusden.com/aed/ which aims to use static noise from an unused sound card? Presumably such would be widely available thanks to integrated audio, even on diskless installs.

This program feeds the /dev/random device with entropy-data read from an audio device. The audio-data is not copied as is but first 'de-biased' and analysed to determine how many bits of entropy are in it. This program is useful for systems doing lots of cryptographic stuff like VPN endpoints or GPG clients; it helps preventing that the /dev/random device gets depleted and blocks reads.

Regards
Rob
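
The two ways of handing data to the Linux kernel pool that this thread contrasts, as an added example (not code from the thread, haveged or aed): a plain write() to /dev/random mixes the bytes in without raising the entropy estimate, while the RNDADDENTROPY ioctl mixes them in and credits the number of bits the caller claims. The function names, the sample bytes and the 8-bits-per-byte sanity cap are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <linux/random.h>   /* RNDADDENTROPY, struct rand_pool_info */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Constructed sample input; a real daemon would pass de-biased source data. */
static const unsigned char SAMPLE[] = "constructed sample bytes";

/* Path 1: plain write(). The bytes are mixed into the pool, but the kernel's
 * entropy estimate is not raised. Any user allowed to write the device can do this. */
int mix_only(int fd, const unsigned char *buf, size_t len) {
    return write(fd, buf, len) == (ssize_t)len ? 0 : -1;
}

/* Build an RNDADDENTROPY request: the payload plus the bits the caller claims.
 * The cap below is this example's own check, not something the kernel API requires. */
struct rand_pool_info *make_credit_req(const unsigned char *buf, size_t len, int bits) {
    if (bits < 0 || (size_t)bits > len * 8) return NULL;  /* at most 8 bits per byte */
    struct rand_pool_info *r = malloc(sizeof(*r) + len);
    if (!r) return NULL;
    r->entropy_count = bits;   /* the estimate is supplied by the caller */
    r->buf_size = (int)len;
    memcpy(r->buf, buf, len);
    return r;
}

/* Path 2: RNDADDENTROPY mixes the bytes in and credits the estimate.
 * It requires CAP_SYS_ADMIN, so the caller's estimate is trusted by design. */
int mix_and_credit(int fd, const unsigned char *buf, size_t len, int bits) {
    struct rand_pool_info *r = make_credit_req(buf, len, bits);
    if (!r) return -1;
    int rc = ioctl(fd, RNDADDENTROPY, r);
    free(r);
    return rc;
}

int main(void) {
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0) { perror("open /dev/random"); return 1; }
    int rc = mix_only(fd, SAMPLE, sizeof SAMPLE - 1);
    printf("write():       rc=%d (no credit given)\n", rc);
    rc = mix_and_credit(fd, SAMPLE, sizeof SAMPLE - 1, 0);  /* claim 0 bits for sample data */
    printf("RNDADDENTROPY: rc=%d (-1 without CAP_SYS_ADMIN)\n", rc);
    close(fd);
    return 0;
}
```

The kernel's current estimate can be read from /proc/sys/kernel/random/entropy_avail before and after each call to compare the two paths.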