On 5/13/2012 2:11 PM, Alexander Gurvitz wrote:
> My personal conclusions are that as I'll be using RSA only,
> I don't need to worry about named.conf random device.
That's not accurate. BIND uses random bits for other things as well. A
decent source of entropy for /dev/random is a requirement for
On Fri, May 11, 2012 at 12:57 AM, Mark Andrews wrote:
>
>
> > What random device used for ?
> > ... I don't get why signing a zone requires any randomness.
>
> It doesn't for RSA. However DSA does require randomness.
>
> > Does BIND really needs that entropy, and how much ?
>
> Yes, if you are u
Warren wrote on 05/10/2012 04:14:01 PM:
> Multiple options:
> 1: install haveged (http://www.irisa.fr/caps/projects/hipsor/) --
> this will provide you with much randomness [0].
> 2: buy a USB entropy widget (for example: http://www.entropykey.co.uk/)
> 3: See if there is a driver for your TPM --
In message
, Alexander Gurvitz writes:
> Hello all.
>
> What random device used for ?
> ARM says "Entropy is primarily needed for DNSSEC=A0operations,
> such as ... dynamic update of signed zones". I don't get why signing a zone
> requires any randomness.
It doesn't for RSA. However DSA does r
Some signature methods require this, some do not. RSA should not (in general)
but RSA encryption in practice may. Signing is different, in that you know
both halves (encrypted and cleartext) so it should not require padding.
I think DSA does require randomness in signing.
--Michael
On May 10
Hi there,
On Thu, 10 May 2012, Alexander Gurvitz wrote:
What random device used for ?
Cryptographic operations, loading libraries in random locations to
avoid insidious attacks, that kind of thing.
This bothers me as I'm implementing DNSSEC now, and I know that my systems
are low at entropy
On May 10, 2012, at 3:41 PM, Alexander Gurvitz wrote:
> Hello all.
>
> What random device used for ?
> ARM says "Entropy is primarily needed for DNSSEC operations,
> such as ... dynamic update of signed zones". I don't get why signing a zone
> requires any randomness.
>
> This bothers me as I'm
7 matches
Mail list logo
