On Fri, 26 Mar 2010 09:15:19 -0500 Brian Kroth wrote:

> This probably won't actually happen until some distant point in the
> future, but I'm especially interested in getting it to virtual
> machines. Unfortunately, from what I can find there's no nice
> interface between the host's rng and the vm for vmware esx like there
> is for kvm (e.g. virtio_rng). Anyone know of one?

The tool you previously mentioned, Entropy Broker, is amongst the better choices.

> With the entropy broker the thing I'm not totally clear on is how
> entropy bits transferred over the network (presumably without
> encryption as that might require entropy) would be worthwhile
> entropy?

I believe Entropy Broker encrypts, so it should be safe in that respect. Not that it's much of a problem on a VM where the network cable in question is a completely virtual one.

> What makes it different from the situation where you're
> using the network device interrupts as a source of entropy?
> Couldn't both be observable?

Such interrupts aren't great choices for entropy because they're so easily manipulable, anyway.

> Another question - I keep seeing people suggesting to hook rngd (from
> rng-tools) up to /dev/urandom. Doesn't that just feed your system
> entropy with a prng most of the time? I feel like this just gives
> the illusion of a decent sized entropy pool. Might as well hook your
> app up to /dev/urandom instead, correct?

Yep.

B.
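
The rngd point above as a check, in an added example that is not part of the original message: it reads the entropy source from an rngd command line and flags the case where that source is the kernel's own PRNG output. The sample command lines are constructed, the function names are hypothetical, and /dev/hwrng as rngd's default source is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): flag rngd setups that "refill" the
# kernel entropy pool from the kernel's own PRNG.

# Print the input device an rngd command line selects with -r/--rng-device.
# Assumption: with no such option, rngd reads /dev/hwrng.
rngd_source() {
    src=/dev/hwrng
    while [ $# -gt 0 ]; do
        case "$1" in
            -r|--rng-device)
                if [ $# -ge 2 ]; then src=$2; shift; fi ;;
            --rng-device=*) src=${1#--rng-device=} ;;
            -r?*) src=${1#-r} ;;
        esac
        shift
    done
    printf '%s\n' "$src"
}

# Classify one command line: CIRCULAR when the source is itself kernel PRNG
# output, so the pool's entropy count rises without new randomness going in.
audit_rngd() {
    # shellcheck disable=SC2086  # word splitting of the sample line is intended
    set -- $1
    shift   # drop the program name
    src=$(rngd_source "$@")
    case "$src" in
        /dev/urandom|/dev/random) echo "CIRCULAR $src" ;;
        *) echo "OTHER $src" ;;
    esac
}

# Constructed sample command lines, as they might appear in a process listing.
audit_all() {
    while IFS= read -r line; do
        printf '%-22s <- %s\n' "$(audit_rngd "$line")" "$line"
    done <<'EOF'
rngd -r /dev/urandom -o /dev/random
rngd --rng-device=/dev/hwrng
rngd -f
EOF
}

audit_all
```

OTHER only means the source is not the kernel pool itself; whether that device is a real hardware or virtio RNG still has to be checked on the host.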