From: Brian Kroth <bpkroth@gmail.com>
To: Ed W <lists@wildgooses.com>
Cc: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Bought an "entropy-key" - very happy
Date: Fri, 26 Mar 2010 09:15:19 -0500
Message-ID: <20100326141518.GN10118@gmail.com>
In-Reply-To: <4BABC8E5.7040305@wildgooses.com>
Ed W <lists@wildgooses.com> 2010-03-25 20:34:
> On 25/03/2010 20:11, Rob Kendrick wrote:
>> ...
<snip/>
> I noticed a munin script in the ekeyd download - haven't tried it, but
> the quantity of variables you can monitor from the device seemed quite
> impressive. Who would have thought you would have wanted to graph the
> temperature of your random number generator, but for those who do, you
> are in luck...
Here's another graphing tool I started using since whoever started this
thread got me hooked on the subject :)
http://collectd.org/wiki/index.php/Plugin:Entropy

Things are much worse, even for physical machines, than I originally
suspected, so I'm now thinking about trying to set up something like this
in conjunction with both the entropy key and the timer_entropyd so that
I can provide an entropy service to various clients.
http://www.vanheusden.com/entropybroker/

This probably won't actually happen until some distant point in the
future, but I'm especially interested in getting it to virtual machines.
Unfortunately, from what I can find there's no nice interface between
the host's rng and the vm for vmware esx like there is for kvm (eg:
virtio_rng). Anyone know of one?

With the entropy broker the thing I'm not totally clear on is how
entropy bits transferred over the network (presumably without encryption
as that might require entropy) would be worthwhile entropy? What makes
it different from the situation where you're using the network device
interrupts as a source of entropy? Couldn't both be observable?

Another question - I keep seeing people suggesting to hook rngd (from
rng-tools) up to /dev/urandom. Doesn't that just feed your system
entropy with a prng most of the time? I feel like this just gives the
illusion of a decent sized entropy pool. Might as well hook your app up
to /dev/urandom instead, correct?

In any case, waiting anxiously for delivery of my entropy key so I can
start playing.

Cheers,
Brian