From: lists@m8y.org
To: gentoo-hardened@lists.gentoo.org
Date: Tue, 23 Mar 2010 17:02:38 -0400 (EDT)
Subject: Re: [gentoo-hardened] Bought an "entropy-key" - very happy
In-Reply-To: <4BA92703.4020200@wildgooses.com>

On Tue, 23 Mar 2010, Ed W wrote:

> OK, so to conclude the previous thread - I bought an entropy key from the
> nice folks at Simtec via http://entropykey.co.uk
>
> Short version is you plug it in, install the ekeyd package and even on a
> hardened installation the entropy pool never deviates from full up...
>
> Now, at £30 it seems like a bargain for a fancy random number generator, but
> then I read that the daemon can be switched to pipe the data out in "egd"
> format and essentially you can have one machine supply high volumes of random
> numbers for a fair number of networked clients. In my case this solves the
> problem of how to pipe entropy to some cheap rented servers where we don't
> get to touch the physical hardware... Very nice
>
> I have no relationship with the entropy-key guys other than being a happy
> customer. They seem like a small shop and I think they deserve a plug (and
> really need to work on their presence via google... Searches on this stuff
> only turn up $400 alternatives... Sheesh)

I'm a bit puzzled how that offers much security.
Is the advantage that the algorithm for PRNG has to be extracted from the chip
inside the key before it can be abused?

Seems no better than, say:
http://www.debian-administration.org/users/dkg/weblog/56

Apart from at least adding a bit more layers in the algorithm.