Re: entropy + openSSL question
From: Brian Hatch (firstname.lastname@example.org)
- In reply to: Seth Arnold: "Re: entropy + openSSL question"
Date: Wed, 19 Feb 2003 15:41:35 -0800
From: Brian Hatch <email@example.com>
To: firstname.lastname@example.org
> > Then... I start again with my first question. there's a good way to
> > generate entropy??? [Suppose that the machine who generates the key will
> > not have much interrupts because anybody are in front of the keyboard to
> > generate it]
> Robert M Love has put together some patches for the Linux kernel to add
> network interfaces to the device drivers that generate entropy for the
> random pool: http://www.tech9.net/rml/linux/ Note that this is of
> debatable value; since network traffic may be seen or even controlled by
> attackers, it may or may not add real entropy to the pool. You need to
> decide for yourself if this is a concern.
I believe you can write to /dev/random and /dev/urandom to increase the
entropy contained in them. Of course, you should only write data that
is of equivalent entropy to them. Sending non-random data to /dev/random
defeats the purpose entirely.
One option is to take data from an external random source, such as
hotbits or lavarnd when it goes back online.
 I have heard this, but have not verified this myself through an
actual code review.
--
Brian Hatch                  We waste time so
   Systems and                you don't have to.
   Security Engineer
www.hackinglinuxexposed.com

Every message PGP signed
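An added example, not part of the original message: on Linux a plain write to /dev/random or /dev/urandom mixes the bytes into the pool without raising the kernel's entropy estimate, while crediting them takes the RNDADDENTROPY ioctl as root, which is what makes the "equivalent entropy" caveat above matter. Assumptions: the generic Linux ioctl encoding (x86, ARM), and `os.urandom` output as a constructed stand-in for bytes fetched from an external source such as HotBits; the function names are hypothetical.

```python
import fcntl
import os
import struct

# _IOW('R', 0x03, int[2]) from <linux/random.h>, generic ioctl encoding (assumed).
RNDADDENTROPY = 0x40085203
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"

def entropy_avail():
    """Kernel's entropy estimate in bits, or None if it is not exposed."""
    try:
        with open(ENTROPY_AVAIL) as f:
            return int(f.read())
    except (OSError, ValueError):
        return None

def pack_rand_pool_info(data, bits_per_byte=8):
    """struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }"""
    if not data:
        raise ValueError("no data to add")
    if not 0 <= bits_per_byte <= 8:
        raise ValueError("cannot claim more than 8 bits per byte")
    # entropy_count is the credit in bits; claim only what the source justifies.
    return struct.pack("ii", len(data) * bits_per_byte, len(data)) + data

def mix_only(data, dev="/dev/urandom"):
    """Plain write: bytes are mixed in, no entropy is credited. Any user."""
    fd = os.open(dev, os.O_WRONLY)
    try:
        return os.write(fd, data)
    finally:
        os.close(fd)

def mix_and_credit(data, bits_per_byte=8, dev="/dev/random"):
    """RNDADDENTROPY: mixes the bytes and credits them. Needs CAP_SYS_ADMIN."""
    fd = os.open(dev, os.O_WRONLY)
    try:
        fcntl.ioctl(fd, RNDADDENTROPY, pack_rand_pool_info(data, bits_per_byte))
    finally:
        os.close(fd)

if __name__ == "__main__":
    sample = os.urandom(32)  # constructed stand-in for external random bytes
    print("estimate before:", entropy_avail())
    mix_only(sample)
    print("after plain write:", entropy_avail())
    try:
        mix_and_credit(sample)
        print("after RNDADDENTROPY:", entropy_avail())
    except PermissionError:
        print("RNDADDENTROPY refused: root (CAP_SYS_ADMIN) required")
```

Because only the ioctl path credits entropy, feeding it predictable data is the case that does harm: the estimate rises while the pool gains nothing an attacker cannot reproduce.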