Re: entropy + openSSL question

From: Brian Hatch (
Date: 02/20/03

    Date: Wed, 19 Feb 2003 15:41:35 -0800
    From: Brian Hatch <>

    > > Then... I start again with my first question. there's a good way to
    > > generate entropy??? [Suppose that the machine who generates the key will
    > > not have much interrupts because anybody are in front of the keyboard to
    > > generate it]
    > Robert M Love has put together some patches for the Linux kernel to add
    > network interfaces to the device drivers that generate entropy for the
    > random pool: Note that this is of
    > debatable value; since network traffic may be seen or even controlled by
    > attackers, it may or may not add real entropy to the pool. You need to
    > decide for yourself if this is a concern.

    I believe[0] you can write to /dev/random and /dev/urandom to increase the
    entropy contained in them. Of course, you should only write data that
    is of equivalent entropy to them. Sending non-random data to /dev/random
    defeats the purpose entirely.

    One option is to take data from an external random source, such as
    hotbits[1] or lavarnd[2] when it goes back online.

    [0] I have heard this, but have not verified this myself through an
        actual code review.



    Brian Hatch                  We waste time so
       Systems and                you don't have to.
       Security Engineer
    Every message PGP signed
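
The two ways of feeding data to the Linux random devices, as an added example that is not part of the original message: per random(4), a plain write to /dev/random or /dev/urandom mixes the bytes into the pool without raising the kernel's entropy estimate, while the RNDADDENTROPY ioctl (CAP_SYS_ADMIN required) mixes the bytes in and credits them. The function names and the sample bytes are assumptions made for illustration.

```python
import fcntl
import os
import struct

# _IOW('R', 0x03, int[2]) in the asm-generic ioctl encoding (x86, arm64, ...);
# some architectures (e.g. mips, powerpc) encode ioctl numbers differently.
RNDADDENTROPY = (1 << 30) | (8 << 16) | (ord("R") << 8) | 0x03

def entropy_avail():
    """Kernel's current entropy estimate in bits, or None if /proc is absent."""
    try:
        with open("/proc/sys/kernel/random/entropy_avail") as f:
            return int(f.read())
    except (OSError, ValueError):
        return None

def pool_info(data, bits_per_byte):
    """Pack struct rand_pool_info { int entropy_count; int buf_size; buf[]; }."""
    if not 0 <= bits_per_byte <= 8:
        raise ValueError("a byte cannot carry more than 8 bits of entropy")
    credit = int(len(data) * bits_per_byte)  # claimed entropy, in bits
    return struct.pack("ii", credit, len(data)) + data

def mix_only(data, dev="/dev/urandom"):
    """Plain write(): bytes are mixed in, the entropy estimate is not raised."""
    fd = os.open(dev, os.O_WRONLY)
    try:
        return os.write(fd, data)
    finally:
        os.close(fd)

def mix_and_credit(data, bits_per_byte, dev="/dev/random"):
    """RNDADDENTROPY: mix the bytes in and credit them. Needs CAP_SYS_ADMIN."""
    fd = os.open(dev, os.O_WRONLY)
    try:
        fcntl.ioctl(fd, RNDADDENTROPY, pool_info(data, bits_per_byte))
    finally:
        os.close(fd)

if __name__ == "__main__":
    sample = os.urandom(32)  # constructed stand-in for externally sourced bytes
    print("estimate before:", entropy_avail())
    print("mixed", mix_only(sample), "bytes, estimate after:", entropy_avail())
    try:
        # Credit 0 bits: the stand-in came from the pool itself, so it adds
        # no independent entropy and must not be counted as any.
        mix_and_credit(sample, 0)
        print("ioctl accepted, estimate:", entropy_avail())
    except PermissionError:
        print("RNDADDENTROPY refused: CAP_SYS_ADMIN required")
```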