On May 10, 2012, at 3:41 PM, Alexander Gurvitz wrote:

> Hello all.
>
> What is the random device used for?
> ARM says "Entropy is primarily needed for DNSSEC operations,
> such as ... dynamic update of signed zones". I don't get why signing a zone
> requires any randomness.
>
> This bothers me as I'm implementing DNSSEC now, and I know that my systems
> are low on entropy, and BIND default random-device is /dev/random,
> and it (the device) blocks when there's no entropy available.

Multiple options:
1: install haveged (http://www.irisa.fr/caps/projects/hipsor/) -- this will provide you with much randomness [0].
2: buy a USB entropy widget (for example: http://www.entropykey.co.uk/)
3: See if there is a driver for your TPM -- many boxes have them, and many provide good randomness.
4: NOT RECOMMENDED: use /dev/urandom (only for testing)

> Does BIND really need that entropy, and how much?

Yup. Well, BIND doesn't, but key generation does…

W

[0]: well, entropy, but I wanted to write much randomness… and I did...

> Regards,
> Alexander Gurvitz,
> net-me.net
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
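
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages or of BIND: it reads the Linux kernel's entropy estimate and tests whether a read from the random device stalls before key generation is started. Assumptions: a Linux host exposing /proc/sys/kernel/random/entropy_avail, the coreutils `timeout` and `head -c` commands, and hypothetical function names and thresholds chosen by the caller.

```shell
#!/bin/sh
# Added example: check entropy before generating DNSSEC keys on a
# host whose random device may block.
# ENTROPY_FILE is the Linux kernel's pool estimate (in bits). The path can
# be overridden so the check can be run against a constructed file.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# entropy_bits: print the kernel's current entropy estimate.
# Returns 2 if the estimate cannot be read (non-Linux host, restricted /proc).
entropy_bits() {
    [ -r "$ENTROPY_FILE" ] || return 2
    cat "$ENTROPY_FILE"
}

# entropy_state MIN_BITS: print "ok", "low" or "unknown".
# MIN_BITS is the caller's own threshold (an assumption, not a BIND value).
entropy_state() {
    bits=$(entropy_bits) || { echo "unknown"; return 2; }
    if [ "$bits" -ge "$1" ]; then echo "ok"; else echo "low"; fi
}

# device_blocks DEVICE NBYTES SECONDS: succeed (exit 0) when reading NBYTES
# from DEVICE does not complete within SECONDS, i.e. the device is blocking.
# timeout(1) exits with status 124 when it had to kill the command.
device_blocks() {
    rc=0
    timeout "$3" head -c "$2" "$1" >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 124 ]
}

# preflight DEVICE MIN_BITS: combine both checks into one verdict.
# Prints "ready" when the estimate is sufficient and a 32-byte read
# finishes within 5 seconds, otherwise "starved".
preflight() {
    state=$(entropy_state "$2") || true
    if [ "$state" = "low" ] || device_blocks "$1" 32 5; then
        echo "starved"
    else
        echo "ready"
    fi
}
```

Calling `preflight /dev/random 256` on the signing host before key generation shows whether one of the entropy sources listed above is needed first.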