From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1NuuCg-0002V6-Nn for garchives@archives.gentoo.org; Thu, 25 Mar 2010 21:03:00 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 62042E0925 for ; Thu, 25 Mar 2010 21:02:58 +0000 (UTC) Received: from mail-iw0-f175.google.com (mail-iw0-f175.google.com [209.85.223.175]) by pigeon.gentoo.org (Postfix) with ESMTP id 1984AE0802 for ; Thu, 25 Mar 2010 20:41:29 +0000 (UTC) Received: by iwn5 with SMTP id 5so886568iwn.9 for ; Thu, 25 Mar 2010 13:41:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=K1sfpvNPU5Kh2lt+GSrIVfFoDH/Q5C79M5+emdKsKzw=; b=tPphra0QqsezmA0MdbaooJHcFH8OoGvBXx/0tlQm0VRO6/uK85UdJdtbdAl3pcWWbJ BAa0MDLRUlOXVVhh0qfl5yHKh1EWHTmujSyZaGhR++t8KzW9nUIDKiMX56DgJXe1Yxmv BYTEel+BxmThY14Fs/5QHRfOR/lNXVSOEievM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=RKhs0fM6Ah1duNKx/6u0KOucs4+yYCvHGqTOYCMLsF6YE1yOHq18LRbsRnrGkUdP50 GS94ocuY1Y5AeYJ+gNBKX9XwmwIBUWqjZv+FZKsGKfirjH6NNQSa4ZCw0g04xAz+ZGZ8 BkcNWU8OiUi3u0457xDaeVyJraywPtkBQZwNA= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.143.154.37 with SMTP id g37mr1518052wfo.35.1269549688431; Thu, 25 Mar 2010 13:41:28 -0700 (PDT) In-Reply-To: <4BABC8E5.7040305@wildgooses.com> References: <4BA92703.4020200@wildgooses.com> <4BAB657C.8060309@wildgooses.com> <20100325201104.77d1c310@trite.i.flarn.net.i.flarn.net> <4BABC8E5.7040305@wildgooses.com> Date: Thu, 25 Mar 2010 14:41:28 -0600 Message-ID: <4255c2571003251341i2d00bd03l9ab27ea1f8079193@mail.gmail.com> Subject: Re: [gentoo-hardened] Bought an "entropy-key" - very happy From: RB To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: a9f5d6e7-4cfc-4438-b9b1-e77d5748b5a9 X-Archives-Hash: 9c8bd7c215f7289c5dcce738e51ebfb7 On Thu, Mar 25, 2010 at 14:34, Ed W wrote: > I noticed a munin script in the ekeyd download - haven't tried it, but th= e > quantity of variables you can monitor from the device seemed quite > impressive. =C2=A0Who would have thought you would have wanted to graph t= he > temperature of your random number generator, but for those who do, you ar= e > in luck... Thermal and power fluctuations are common approaches to subverting the entropy available in an RNG. Thermal noise based entropy generators are particularly sensitive to this - reduce the temperature, reduce the entropy. IIRC, the VIA RNG is based on a pair of thermal sensors, but since they're on-die it's regarded more as difficult to subvert than an external set.