On 03/09/13 10:26, Rick van Rein (OpenFortress) wrote:
> Hello,
>
>>> I think anybody using softhsm in production should perhaps be
>>> introduced to <http://www.entropykey.co.uk/>.
>
>> We got a bunch of those entropy keys for servers doing SSL and we
>> really like them... it's a very good product.
>
> Can you please explain what makes you say that? Which of the tests
> did you subject the random material to, and what were the outcomes?

Well, I was not expecting to produce a report after throwing that
comment, but given it's my fault ;)

>
> It's lovely to have a +1 vote, but much more useful to have an
> evaluation report so we can compare your experience with our own
> requirements in our own settings.

We have a bunch of production servers that do a lot of SSL work, mostly
handling HTTPS connections. When we started having troubles with slow
establishing connections, we looked into the entropy level available in
the servers, and on many occasions entropy was depleted.

We bought two keys for testing, deployed them, and the entropy was there
up to 4Kb most of the time. We never saw the slowdowns again.

Before deployment, we did some testing and although there were no
conclusive results in terms of speed, there was some benefit on the
number of HTTPS sessions the server was able to handle.

I hope it helps!

PS: We don't use the Entropy Keys in our DNSSEC deployment, keys are
created within the HSM, which provides high-quality RNG.

>
> -Rick
>

--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
