----- Original Message -----
From: "Chris Buxton" <[EMAIL PROTECTED]>
To: "Hardened LFS Development List" <hlfs-dev@linuxfromscratch.org>
Sent: Saturday, July 12, 2008 1:13 AM
Subject: entropy sources

> What sources of entropy can we give to an HLFS system? I'm concerned
> about /dev/random in a headless, diskless appliance. Obviously, we
> have /dev/{u,f,e}random for most day-to-day operations, but for some
> applications, /dev/random is needed. For example, when generating ssh
> keys, and also when creating other high-security keys like DNSSEC keys.
>

In the last kernel message to remove the last entropy collection from
network drivers
http://readlist.com/lists/vger.kernel.org/linux-kernel/101/506082.html
I find a reference to clrngd that is not described in the entropy hint.
http://freshmeat.net/projects/clrngd/

Having an entropy gathering daemon could be a prerequisite on a 2.6 kernel
for headless machines with no more entropy sampled from the network.
A hardware generator may be the ideal solution, but far from all existing
machines have one.

I have one compilation machine which sometimes suffers from an empty random
pool. I have compiled clrngd and just run it once.

What I like about this approach is that it does not require a
driver/hardware, unlike audio/video or a real hw generator. So it should be
easy to run on any machine without a hw generator.

I would welcome experience from others on clrngd (cpu load, randomness, ...).

Gilles