http://ubld.it/products/truerng-hardware-random-number-generator/ seems to be the closest I've seen in regards to a "USB stick" form factor and price. It doesn't use the ekeyd daemon for adding entropy to the pool, but rather shows up as a virtual serial port and one can use rngd to feed that data into the kernel pool. I have no personal experience with that product, but it would seem that even if the entropy source was compromised in some way, that would not be a major issue -- rngd does tests to detect biasing (which admittedly won't catch more subtle manipulation) and /dev/random would stir the pool with entropy from various sources, so it can only help.
While not a direct, drop-in replacement for the Entropy Key, I found that a Raspberry Pi and it's internal hardware random number generator makes a good source. The internal HWRNG in the Pi is extremely fast (>700kbps). I've not personally setup a Pi to share entropy over the network, but I'd imagine this is something that could be reasonably done. I only have the HWRNG generating entropy for local use. Anyone have experience with a network setup? In regards to getting the Pi's HWRNG setup, http://vk5tu.livejournal.com/43059.html has all the details. It's basically three steps: 1. Add "bcm2708_rng" to /etc/modules, then run "modprobe bcm2708_rng" to activate the module. 2. Install the rng-tools package. 3. Edit /etc/defaults/rng-tools to access the HWRNG and feed the kernel pool. My /etc/defaults/rng-tools file looks a bit different than that of the previously-mentioned website. Here's the relevant lines from my file: ### #Specify the HWRNG device HRNGDEVICE=/dev/hwrng # Check the kernel entropy pool once per second, and add HW-generated entropy if it drops below 90%. # You can change these values to whatever you feel would work best for you. RNGDOPTIONS="--fill-watermark=90% --feed-interval=1" ### Please note this assumes that the HWRNG has not been subverted, broken, or doing something unexpected. I hope this helps. Cheers! -Pete On Sun, May 25, 2014 at 8:57 PM, <tux.tsn...@free.fr> wrote: > Hello alls, > > As you know it is not more possible to buy a Simtec entropy usb key since > many years, so my question what hardware entropy usb key do you recommend now > to replace it (not too expensive) ? > > PS: need to be compatible with GNU Linux / Debian > > Thanks in advanced for your return. > > Best Regards > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Pete Stephenson _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
