Date: Thu, 25 Mar 2010 13:10:33 +0000
From: Rob Kendrick
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Bought an "entropy-key" - very happy
Message-ID: <20100325131033.0dc5429b@trite.i.flarn.net.i.flarn.net>

> > > I have no relationship with the entropy-key guys other than being
> > > a happy customer. They seem like a small shop and I think they deserve
> > > a plug (and really need to work on their presence via google...
> > > Searches on this stuff only turn up $400 alternatives... Sheesh)
> >
> > I'm a bit puzzled how that offers much security.
> > Is the advantage that the algorithm for PRNG has to be extracted
> > from the chip inside the key before it can be abused?

There is no PRNG inside the key. It's a hardware true random number
generator. What makes the Entropy Key different from most other plug-in
entropy devices is that it goes to extraordinary lengths to make sure
the entropy that is injected into your pool can't be sniffed before it
gets there, as well as running loads of statistics to make sure the
device itself isn't being attacked.

(Disclaimer: I /do/ have a relationship with the entropy key guys.)

B.
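
An added illustration, not part of the message above and not the Entropy Key's own code: the message does not say which statistics the device runs, so this sketch uses the two continuous health tests from NIST SP 800-90B (repetition count and adaptive proportion) to show how statistics on raw samples can flag a hardware noise source that has been stuck or biased. The 8-bit samples, the claimed 8 bits of min-entropy per sample and the sample streams are assumptions made for the example.

```python
import math

ALPHA_EXP = 20  # per-test false-positive rate alpha = 2**-20

def rct_cutoff(h):
    """Repetition Count Test cutoff for h bits of min-entropy per sample."""
    return 1 + math.ceil(ALPHA_EXP / h)

def apt_cutoff(h, window=512):
    """Adaptive Proportion Test cutoff: 1 + smallest k with BinomCDF(k) >= 1 - alpha."""
    p, target, cdf = 2.0 ** -h, 1.0 - 2.0 ** -ALPHA_EXP, 0.0
    for k in range(window + 1):
        cdf += math.comb(window, k) * p ** k * (1 - p) ** (window - k)
        if cdf >= target:
            return 1 + k
    return window + 1

def health_check(samples, h=8.0, window=512):
    """Return the first failure as (test_name, sample_index), or None."""
    rct_c, apt_c = rct_cutoff(h), apt_cutoff(h, window)
    last, run = None, 0          # repetition-count state
    ref, seen, pos = None, 0, 0  # adaptive-proportion state
    for i, s in enumerate(samples):
        # A stuck or clamped noise source repeats one value back to back.
        run = run + 1 if s == last else 1
        last = s
        if run >= rct_c:
            return ("repetition-count", i)
        # The first sample of each window is the reference value; a source
        # pushed toward one value shows it too often within the window.
        if pos == 0:
            ref, seen = s, 1
        elif s == ref:
            seen += 1
            if seen >= apt_c:
                return ("adaptive-proportion", i)
        pos = (pos + 1) % window
    return None

# Constructed sample streams (not captured from any device). HEALTHY is a
# well-spread byte sequence, STUCK freezes at one value, BIASED forces every
# third byte to 0xFF without ever producing a long run.
HEALTHY = [(i * 167 + 13) % 256 for i in range(4096)]
STUCK = HEALTHY[:100] + [0x5A] * 10
BIASED = [0xFF if i % 3 == 0 else HEALTHY[i] for i in range(4096)]

if __name__ == "__main__":
    for name, stream in (("healthy", HEALTHY), ("stuck", STUCK), ("biased", BIASED)):
        print(name, health_check(stream))
```

Tests of this kind catch a source that has failed or been forced toward fixed output; passing them does not show that the output is unpredictable, as the deterministic HEALTHY stream demonstrates.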