again, to add some input to my own question - i happened to be compiling openssh and found this in the install doc:

NB. If your operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
/dev/random, or failing that, either prngd or egd

PRNGD:

If your system lacks kernel-based random collection, the use of Lutz
Jaenicke's PRNGd is recommended.

http://prngd.sourceforge.net/

EGD:

The Entropy Gathering Daemon (EGD) is supported if you have a system which
lacks /dev/random and don't want to use OpenSSH's internal entropy collection.

http://www.lothar.com/tech/crypto/

hopefully i'll find the time to figure out what is different about
"OpenSSH's internal entropy collection", the above systems, and haveged.

On Sat, Oct 13, 2012 at 10:11 PM, Jasper Wallace <jas...@pointless.net> wrote:
> On Thu, 11 Oct 2012, Dan White wrote:
>
>> On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
>> > On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve...@gmail.com> wrote:
>> > > in the past, i've done many different things to create entropy -
>> > > encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a
>> > > kernel. but, what is best? just whatever gets your cpu to peak or are
>> > > some tasks better than others?
>> >
>> > Personally, I've used and recommend this USB stick:
>> > http://www.entropykey.co.uk/
>> >
>> > Internally, it uses diodes that are reverse-biased just ever so close
>> > to the breakdown voltage such that they randomly flip state back and
>> > forth.
>>
>> +1.
>
> and with ekeyd-egd-linux you can distribute the entropy from an entropykey
> over the net - great for giving vm some randomness.
>
> --
> [http://pointless.net/] [0x2ECA0975]