On Thu, March 25, 2010 20:23, li...@m8y.org wrote:
> On Thu, 25 Mar 2010, Ed W wrote:
>
>> On 23/03/2010 21:02, li...@m8y.org wrote:
>>> On Tue, 23 Mar 2010, Ed W wrote:
>>>
>>> > OK, so to conclude the previous thread - I bought an entropy key from
>>> > the nice folks at Simtec via http://entropykey.co.uk
>>> >
>>> > Short version is you plug it in, install the ekeyd package and even on a
>>> > hardened installation the entropy pool never deviates from full up...
>>> >
>>> > Now, at £30 it seems like a bargain for a fancy random number generator,
>>> > but then I read that the daemon can be switched to pipe the data out in
>>> > "egd" format and essentially you can have one machine supply high
>>> > volumes of random numbers for a fair number of networked clients. In my
>>> > case this solves the problem of how to pipe entropy to some cheap rented
>>> > servers where we don't get to touch the physical hardware... Very nice
>>> >
>>> > I have no relationship with the entropy-key guys other than being a
>>> > happy customer. They seem like a small shop and I think they deserve a
>>> > plug (and really need to work on their presence via google... Searches
>>> > on this stuff only turn up $400 alternatives... Sheesh)
>>>
>>> I'm a bit puzzled how that offers much security.
>>> Is the advantage that the algorithm for PRNG has to be extracted from the
>>> chip inside the key before it can be abused?
>>>
>>> Seems no better than, say:
>>> http://www.debian-administration.org/users/dkg/weblog/56
>>>
>>> Apart from at least adding a bit more layers in the algorithm.
>>
>> I'm not sure what you mean by the link referenced above? The point is that
>> once the entropy pool is depleted on Linux then operations against
>> /dev/random will stall, however, the evolution on linux has been that since
>> /dev/random is "unreliable" most apps now seem to go directly to /dev/urandom
>> which is similar, but doesn't block once the entropy pool is empty (simply
>> the quality of random numbers declines) - however, it's reverting to a pseudo
>> random number algorithm
>
> Right, he simply turned /dev/random into /dev/urandom.
> I was under the impression the entropy key was simply a fancy PRNG. Now
> that I know it offers true randomness, I'm more impressed. Also curious
> exactly what it uses as a source.

http://www.entropykey.co.uk/tech/

Be aware of a 2.6.31 USB serial driver bug - already fixed.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962