On Thu, 25 Mar 2010, Ed W wrote:

On 23/03/2010 21:02, li...@m8y.org wrote:
 On Tue, 23 Mar 2010, Ed W wrote:

> OK, so to conclude the previous thread - I bought an entropy key from
> the nice folks at Simtec via http://entropykey.co.uk
>
> Short version is you plug it in, install the ekeyd package and even on a
> hardened installation the entropy pool never deviates from full up...
>
> Now, at £30 it seems like a bargain for a fancy random number generator,
> but then I read that the daemon can be switched to pipe the data out in
> "egd" format and essentially you can have one machine supply high
> volumes of random numbers for a fair number of networked clients. In my
> case this solves the problem of how to pipe entropy to some cheap rented
> servers where we don't get to touch the physical hardware... Very nice
>
> I have no relationship with the entropy-key guys other than being a
> happy customer. They seem like a small shop and I think they deserve a
> plug (and really need to work on their presence via google... Searches
> on this stuff only turn up $400 alternatives... Sheesh)

 I'm a bit puzzled how that offers much security.
 Is the advantage that the algorithm for PRNG has to be extracted from the
 chip inside the key before it can be abused?

 Seems no better than, say:
 http://www.debian-administration.org/users/dkg/weblog/56

 Apart from at least adding a bit more layers in the algorithm.

I'm not sure what you mean by the link referenced above? The point is that once the entropy pool is depleted on Linux then operations against /dev/random will stall, however, the evolution on Linux has been that since /dev/random is "unreliable" most apps now seem to go directly to /dev/urandom which is similar, but doesn't block once the entropy pool is empty (simply the quality of random numbers declines) - however, it's reverting to a pseudo-random number algorithm.

Right, he simply turned /dev/random into /dev/urandom.
I was under the impression the entropy key was simply a fancy PRNG. Now that I know it offers true randomness, I'm more impressed. Also curious exactly what it uses as a source.
