On Fri, May 11, 2012 at 12:57 AM, Mark Andrews ma...@isc.org wrote:
What random device used for ?
... I don't get why signing a zone requires any randomness.
It doesn't for RSA. However DSA does require randomness.
Does BIND really needs that entropy, and how much ?
Yes, if you are
On 5/13/2012 2:11 PM, Alexander Gurvitz wrote:
My personal conclusions are that as I'll be using RSA only,
I don't need to worry about named.conf random device.
That's not accurate. BIND uses random bits for other things as well. A
decent source of entropy for /dev/random is a requirement for
Warren wrote on 05/10/2012 04:14:01 PM:
Multiple options:
1: install haveged (http://www.irisa.fr/caps/projects/hipsor/) --
this will provide you with much randomness [0].
2: buy a USB entropy widget (for example: http://www.entropykey.co.uk/)
3: See if there is a driver for your TPM --
Hello all.
What random device used for ?
ARM says Entropy is primarily needed for DNSSEC operations,
such as ... dynamic update of signed zones. I don't get why signing a zone
requires any randomness.
This bothers me as I'm implementing DNSSEC now, and I know that my systems
are low at entropy,
On May 10, 2012, at 3:41 PM, Alexander Gurvitz wrote:
Hello all.
What random device used for ?
ARM says Entropy is primarily needed for DNSSEC operations,
such as ... dynamic update of signed zones. I don't get why signing a zone
requires any randomness.
This bothers me as I'm
Hi there,
On Thu, 10 May 2012, Alexander Gurvitz wrote:
What random device used for ?
Cryptographic operations, loading libraries in random locations to
avoid insidious attacks, that kind of thing.
This bothers me as I'm implementing DNSSEC now, and I know that my systems
are low at
Some signature methods require this, some do not. RSA should not (in general)
but RSA encryption in practice may. Signing is different, in that you know
both halves (encrypted and cleartext) so it should not require padding.
I think DSA does require randomness in signing.
--Michael
On May
In message CABUciR=m+b45ddzyv2j8z9+ltvuy4rwh+kp3e8njyahdpy-...@mail.gmail.com
, Alexander Gurvitz writes:
Hello all.
What random device used for ?
ARM says Entropy is primarily needed for DNSSEC=A0operations,
such as ... dynamic update of signed zones. I don't get why signing a zone
8 matches
Mail list logo