public inbox for gentoo-hardened@lists.gentoo.org
From: lists@m8y.org
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Bought an "entropy-key" - very happy
Date: Tue, 23 Mar 2010 17:02:38 -0400 (EDT)
Message-ID: <alpine.LNX.2.00.1003231701190.29587@nautilus.m8y.org>
In-Reply-To: <4BA92703.4020200@wildgooses.com>

On Tue, 23 Mar 2010, Ed W wrote:

> OK, so to conclude the previous thread - I bought an entropy key from the 
> nice folks at Simtec via http://entropykey.co.uk
>
> Short version is you plug it in, install the ekeyd package and even on a 
> hardened installation the entropy pool never deviates from full up...
>
> Now, at £30 it seems like a bargain for a fancy random number generator, but 
> then I read that the daemon can be switched to pipe the data out in "egd" 
> format and essentially you can have one machine supply high volumes of random 
> numbers for a fair number of networked clients.  In my case this solves the 
> problem of how to pipe entropy to some cheap rented servers where we don't 
> get to touch the physical hardware...  Very nice
>
> I have no relationship with the entropy-key guys other than being a happy 
> customer.  They seem like a small shop and I think they deserve a plug (and 
> really need to work on their presence via google... Searches on this stuff 
> only turn up $400 alternatives... Sheesh)

I'm a bit puzzled how that offers much security.
Is the advantage that the algorithm for PRNG has to be extracted from the chip inside the key before it can be abused?

Seems no better than, say:
http://www.debian-administration.org/users/dkg/weblog/56

Apart from at least adding a bit more layers in the algorithm.
