On 27/12/2010 17:01, Victor Duchovni wrote:
So why would you change the tls_random_source to use EGD instead of
/dev/urandom?
You wouldn't, if you have a /dev/urandom, use it.
and if you are short of entropy on a busy server then grab one (or more)
of these:
http://www.entropykey.co.uk/
I have a couple now (I have several machines compiled with "hardened"
PaX and that depletes entropy extremely quickly) and they are very
simple to install and extremely cheap. I believe they are even fast
enough that you can buy fewer than you have servers and distribute the
entropy using the EGD protocol (helpful for virtualised server pools).
(No relationship other than happy customer)
Ed W
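
For readers who have not seen the EGD protocol mentioned above, here is a minimal client for its two read-side commands (0x00, pool level; 0x01, non-blocking read). It is an added example, not part of the original post or of any project's code. The function names and the in-process stub daemon with its fixed byte pool are constructed for illustration.

```python
import socket
import struct
import threading

def _recv_exact(sock, n):  # read exactly n bytes or fail loudly
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the connection")
        buf += chunk
    return buf

def egd_entropy_level(sock):
    """Command 0x00: pool estimate in bits, returned as 4 bytes big-endian."""
    sock.sendall(b"\x00")
    return struct.unpack(">I", _recv_exact(sock, 4))[0]

def egd_read_nonblocking(sock, want):
    """Command 0x01: request 1..255 bytes; the reply may be shorter than asked."""
    if not 1 <= want <= 255:
        raise ValueError("EGD requests are limited to 1..255 bytes")
    sock.sendall(bytes([0x01, want]))
    got = _recv_exact(sock, 1)[0]      # daemon states how many bytes follow
    return _recv_exact(sock, got)

def stub_daemon(sock, pool):
    """Constructed stand-in for an EGD server; `pool` is placeholder data, not entropy."""
    while True:
        cmd = sock.recv(1)
        if not cmd:
            return
        if cmd == b"\x00":
            sock.sendall(struct.pack(">I", len(pool) * 8))
        elif cmd == b"\x01":
            n = min(_recv_exact(sock, 1)[0], len(pool))
            out, pool = pool[:n], pool[n:]
            sock.sendall(bytes([n]) + out)

def demo():
    client, server = socket.socketpair()
    threading.Thread(target=stub_daemon, args=(server, bytes(range(40))), daemon=True).start()
    level = egd_entropy_level(client)
    first = egd_read_nonblocking(client, 32)
    second = egd_read_nonblocking(client, 32)  # pool nearly drained: short read
    client.close()
    return level, len(first), len(second)

if __name__ == "__main__":
    print(demo())
```

A consumer on a shared EGD feed has to check the returned length, as the second read shows, and must never treat a short reply as the full amount of key material requested.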