Date: Fri, 26 Mar 2010 09:15:19 -0500
From: Brian Kroth
To: Ed W
Cc: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Bought an "entropy-key" - very happy
Message-ID: <20100326141518.GN10118@gmail.com>
In-Reply-To: <4BABC8E5.7040305@wildgooses.com>
References: <4BA92703.4020200@wildgooses.com> <4BAB657C.8060309@wildgooses.com> <20100325201104.77d1c310@trite.i.flarn.net.i.flarn.net> <4BABC8E5.7040305@wildgooses.com>

Ed W 2010-03-25 20:34:
> On 25/03/2010 20:11, Rob Kendrick wrote:
>> ...
> I noticed a munin script in the ekeyd download - haven't tried it, but
> the quantity of variables you can monitor from the device seemed quite
> impressive. Who would have thought you would have wanted to graph the
> temperature of your random number generator, but for those who do, you
> are in luck...

Here's another graphing tool I started using since whoever started this
thread got me hooked on the subject :)

http://collectd.org/wiki/index.php/Plugin:Entropy

Things are much worse, even for physical machines, than I originally
suspected, so I'm now thinking about trying to set up something like this
in conjunction with both the entropy key and the timer_entropyd so that I
can provide an entropy service to various clients.

http://www.vanheusden.com/entropybroker/

This probably won't actually happen until some distant point in the
future, but I'm especially interested in getting it to virtual machines.
Unfortunately, from what I can find there's no nice interface between the
host's rng and the vm for vmware esx like there is for kvm (eg: virtio_rng).
Anyone know of one?

With the entropy broker the thing I'm not totally clear on is how entropy
bits transferred over the network (presumably without encryption as that
might require entropy) would be worthwhile entropy? What makes it different
from the situation where you're using the network device interrupts as a
source of entropy? Couldn't both be observable?

Another question - I keep seeing people suggesting to hook rngd (from
rng-tools) up to /dev/urandom. Doesn't that just feed your system entropy
with a prng most of the time? I feel like this just gives the illusion of a
decent sized entropy pool. Might as well hook your app up to /dev/urandom
instead, correct?

In any case, waiting anxiously for delivery of my entropy key so I can
start playing.

Cheers,
Brian
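The pool monitoring the thread keeps coming back to (the munin script, the collectd Entropy plugin) reduces to watching two kernel counters. The script below is an added example, not code from this thread, collectd, ekeyd or rng-tools: it reads /proc/sys/kernel/random/entropy_avail and poolsize (real Linux paths), classifies each sample against a low watermark (the 512-bit default is an assumed choice, not a kernel or rngd value), and computes the drain rate between consecutive samples so a consumer emptying the pool shows up as a number rather than a gut feeling. On a machine without those /proc files it falls back to a constructed sample series.

```python
"""Watch the kernel entropy pool and flag starvation.

Added example for the thread above; not code from collectd, ekeyd or
rng-tools. The /proc paths are the real Linux counters; the watermark and
the fallback sample series are constructed for illustration.
"""
import os
import time
from dataclasses import dataclass
from typing import Any, Dict, List

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # bits the kernel currently credits
POOLSIZE = "/proc/sys/kernel/random/poolsize"            # size of the input pool in bits
LOW_WATERMARK = 512  # assumed alert threshold in bits, not a kernel or rngd default


@dataclass
class Sample:
    ts: float      # seconds since the first sample
    avail: int     # entropy_avail at that time
    poolsize: int  # poolsize at that time


def parse_counter(text: str) -> int:
    """Parse one /proc counter file: a decimal integer plus a trailing newline."""
    value = int(text.strip())
    if value < 0:
        raise ValueError("entropy counters are never negative: %r" % text)
    return value


def read_counter(path: str) -> int:
    with open(path) as fh:
        return parse_counter(fh.read())


def classify(avail: int, poolsize: int, low_watermark: int = LOW_WATERMARK) -> str:
    """'starved' under the watermark, 'low' under half the pool, otherwise 'ok'."""
    if avail < low_watermark:
        return "starved"
    if avail < poolsize // 2:
        return "low"
    return "ok"


def analyze(samples: List[Sample], low_watermark: int = LOW_WATERMARK) -> Dict[str, Any]:
    """Summarise a series: minimum credited entropy, the steepest drain in
    bits per second between consecutive samples, and when starvation began.
    A steep drain with no recovery means something reading /dev/random (or
    draining the pool some other way) is outrunning whatever feeds it."""
    states = [classify(s.avail, s.poolsize, low_watermark) for s in samples]
    max_drain = 0.0
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.ts - prev.ts
        if dt > 0:
            max_drain = max(max_drain, (prev.avail - cur.avail) / dt)
    first_starved = next((s.ts for s, st in zip(samples, states) if st == "starved"), None)
    return {
        "min_avail": min(s.avail for s in samples),
        "max_drain_bits_per_s": max_drain,
        "first_starved_ts": first_starved,
        "states": states,
    }


def constructed_series() -> List[Sample]:
    """Constructed sample series: a 4096-bit pool drained over three seconds."""
    pool = 4096
    return [Sample(0.0, 3500, pool), Sample(1.0, 3000, pool),
            Sample(2.0, 1200, pool), Sample(3.0, 150, pool)]


def collect(count: int = 4, interval: float = 1.0) -> List[Sample]:
    """Take `count` live samples when the /proc files exist, else use the constructed series."""
    if not (os.path.exists(ENTROPY_AVAIL) and os.path.exists(POOLSIZE)):
        return constructed_series()
    start = time.monotonic()
    samples = []
    for _ in range(count):
        samples.append(Sample(time.monotonic() - start,
                              read_counter(ENTROPY_AVAIL), read_counter(POOLSIZE)))
        time.sleep(interval)
    return samples


if __name__ == "__main__":
    series = collect()
    for s in series:
        print("t=%.1fs avail=%d/%d %s" % (s.ts, s.avail, s.poolsize,
                                          classify(s.avail, s.poolsize)))
    print(analyze(series))
```

One caveat worth keeping in mind when reading the numbers: entropy_avail is the kernel's accounting of what has been credited to the pool, not a measurement of unpredictability. A daemon that feeds the pool from /dev/urandom raises the counter just as a hardware source would, and a counter-only monitor like this one cannot tell the two apart, so the graph shows whether consumers are outrunning producers, not whether the producers are any good.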