On Thu, 25 Mar 2010, Ed W wrote:

> On 23/03/2010 21:02, lists@m8y.org wrote:
>> On Tue, 23 Mar 2010, Ed W wrote:
>>
>>> OK, so to conclude the previous thread - I bought an entropy key from
>>> the nice folks at Simtec via http://entropykey.co.uk
>>>
>>> Short version is you plug it in, install the ekeyd package and even on a
>>> hardened installation the entropy pool never deviates from full up...
>>>
>>> Now, at £30 it seems like a bargain for a fancy random number generator,
>>> but then I read that the daemon can be switched to pipe the data out in
>>> "egd" format and essentially you can have one machine supply high
>>> volumes of random numbers for a fair number of networked clients. In my
>>> case this solves the problem of how to pipe entropy to some cheap rented
>>> servers where we don't get to touch the physical hardware... Very nice
>>>
>>> I have no relationship with the entropy-key guys other than being a
>>> happy customer. They seem like a small shop and I think they deserve a
>>> plug (and really need to work on their presence via Google... Searches
>>> on this stuff only turn up $400 alternatives... Sheesh)
>>
>> I'm a bit puzzled how that offers much security.
>> Is the advantage that the algorithm for the PRNG has to be extracted from the
>> chip inside the key before it can be abused?
>>
>> Seems no better than, say:
>> http://www.debian-administration.org/users/dkg/weblog/56
>>
>> Apart from at least adding a few more layers in the algorithm.
>
> I'm not sure what you mean by the link referenced above? The point is that
> once the entropy pool is depleted on Linux, operations against
> /dev/random will stall; however, the evolution on Linux has been that, since
> /dev/random is "unreliable", most apps now seem to go directly to /dev/urandom,
> which is similar but doesn't block once the entropy pool is empty (simply
> the quality of random numbers declines) - however, it's reverting to a pseudo
> random number algorithm.

Right, he simply turned /dev/random into /dev/urandom.

I was under the impression the entropy key was simply a fancy PRNG. Now that I know it offers true randomness, I'm more impressed. Also curious exactly what it uses as a source.
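The thread mentions two things without showing them: the "egd" wire format ekeyd can speak to feed entropy to networked clients, and the blocking-versus-non-blocking behaviour that distinguishes /dev/random from /dev/urandom. The following is an added example, not code from the thread, from ekeyd or from Simtec: a minimal EGD server and client over a local socketpair. The byte layout of the five EGD commands is the one published with the original egd.pl and consumed by OpenSSL's RAND_egd() and libgcrypt's EGD module; that ekeyd's EGD mode follows it exactly is an assumption, so check against ekeyd's own documentation before relying on it. The "entropy" pool is a constructed, fixed byte string so the run is reproducible; it is a stand-in for the hardware source and must never be used as real randomness. The example drains the pool, shows a non-blocking read returning short (the way /dev/urandom would just keep going but an honest source cannot), and shows a blocking read stalling until a feeder refills the pool, which is the /dev/random behaviour the thread describes.

```python
import socket
import struct
import threading

# EGD command bytes (assumption: published egd.pl protocol, not verified against ekeyd source).
CMD_GET_COUNT = 0x00      # reply: 4-byte big-endian count of entropy bits available
CMD_READ_NONBLOCK = 0x01  # arg: 1-byte n; reply: 1-byte m (0 <= m <= n) followed by m bytes
CMD_READ_BLOCK = 0x02     # arg: 1-byte n; reply: exactly n bytes, waiting if necessary
CMD_ADD_ENTROPY = 0x03    # arg: 2-byte bit estimate, 1-byte n, n bytes of data; no reply
CMD_GET_PID = 0x04        # reply: 1-byte length followed by the PID as ASCII digits


def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; a truncated reply must never be mistaken for random data."""
    buf = bytearray()
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the socket mid-message")
        buf += chunk
    return bytes(buf)


class EgdServer:
    """Serves a byte pool over EGD. A real daemon refills the pool from hardware;
    here add_entropy() plays that role so the blocking behaviour is observable."""

    def __init__(self, initial_pool: bytes, pid: int = 4242):
        self.pool = bytearray(initial_pool)   # constructed stand-in for the hardware source
        self.pid = pid
        self.cond = threading.Condition()

    def bits_available(self) -> int:
        with self.cond:
            return len(self.pool) * 8

    def add_entropy(self, data: bytes) -> None:
        with self.cond:
            self.pool += data
            self.cond.notify_all()            # wake any blocked reader

    def _take(self, n: int, block: bool) -> bytes:
        with self.cond:
            if block:
                self.cond.wait_for(lambda: len(self.pool) >= n)
            out = bytes(self.pool[:n])
            del self.pool[:n]
            return out

    def serve(self, conn: socket.socket) -> None:
        """Handle one client connection until it closes or sends an unknown command."""
        while True:
            hdr = conn.recv(1)
            if not hdr:
                break
            cmd = hdr[0]
            if cmd == CMD_GET_COUNT:
                conn.sendall(struct.pack(">I", self.bits_available()))
            elif cmd == CMD_READ_NONBLOCK:
                chunk = self._take(recv_exact(conn, 1)[0], block=False)
                conn.sendall(bytes([len(chunk)]) + chunk)
            elif cmd == CMD_READ_BLOCK:
                conn.sendall(self._take(recv_exact(conn, 1)[0], block=True))
            elif cmd == CMD_ADD_ENTROPY:
                _bits, n = struct.unpack(">HB", recv_exact(conn, 3))
                self.add_entropy(recv_exact(conn, n))
            elif cmd == CMD_GET_PID:
                pid = str(self.pid).encode()
                conn.sendall(bytes([len(pid)]) + pid)
            else:
                break                          # unknown command: drop the client, do not guess
        conn.close()


def egd_count(sock: socket.socket) -> int:
    sock.sendall(bytes([CMD_GET_COUNT]))
    return struct.unpack(">I", recv_exact(sock, 4))[0]


def egd_read(sock: socket.socket, n: int, block: bool) -> bytes:
    if not 0 < n <= 255:
        raise ValueError("EGD reads carry a one-byte length: 1..255 bytes per request")
    if block:
        sock.sendall(bytes([CMD_READ_BLOCK, n]))
        return recv_exact(sock, n)
    sock.sendall(bytes([CMD_READ_NONBLOCK, n]))
    return recv_exact(sock, recv_exact(sock, 1)[0])


def egd_add(sock: socket.socket, data: bytes, bits: int) -> None:
    sock.sendall(struct.pack(">BHB", CMD_ADD_ENTROPY, bits, len(data)) + data)


def egd_pid(sock: socket.socket) -> int:
    sock.sendall(bytes([CMD_GET_PID]))
    return int(recv_exact(sock, recv_exact(sock, 1)[0]))


def demo() -> dict:
    """Drive one server over a socketpair and record what each request returned."""
    server = EgdServer(initial_pool=bytes(range(16)))
    client_sock, server_sock = socket.socketpair()
    threading.Thread(target=server.serve, args=(server_sock,), daemon=True).start()
    results = {"pid": egd_pid(client_sock), "bits_before": egd_count(client_sock)}
    results["nonblock_full"] = egd_read(client_sock, 16, block=False)   # drains the pool
    results["nonblock_empty"] = egd_read(client_sock, 8, block=False)   # short read: b""
    # Blocking read stalls like /dev/random; the timer stands in for the hardware refilling it.
    threading.Timer(0.1, server.add_entropy, args=(b"\xaa" * 8,)).start()
    results["block_after_refill"] = egd_read(client_sock, 8, block=True)
    egd_add(client_sock, b"\x01" * 4, bits=32)                           # client contributes
    results["bits_after_add"] = egd_count(client_sock)
    client_sock.close()
    return results


if __name__ == "__main__":
    print(demo())
```

The two reads against the drained pool are the point: the non-blocking form hands back zero bytes and the caller has to cope, while the blocking form waits for the source. A client that ignores the short-read length byte, or that treats a closed socket as "no more data, carry on", is the network equivalent of quietly falling back to a PRNG.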