[linux-elitists] ssh hygiene

Don Marti dmarti@zgp.org
Tue Apr 30 13:08:36 PDT 2002


begin Steve Beattie quotation of Tue, Apr 30, 2002 at 12:25:02PM -0700:

Great thread on /dev/random and generating sufficient
quantities of random bits to do IPSEC here:
http://www.openpgp.net/random/combo/msg00035.html

> The problem with using /dev/random directly is that for things like
> firewalls (where you really care about security), there may not be a lot
> of sources of entropy (no mice, no hard disks). That said, perhaps it
> should be a configurable option.

/dev/random seems to draw randomness from four places: the keyboard
(timing and scancode), the mouse (timing and position), and just
timings for interrupts and block requests.

You could certainly build random hardware to stir
/dev/random with, but as Ted Ts'o points out here:
http://www.openpgp.net/random/combo/msg00044.html it's hard to tell
when your hardware RNG breaks and starts spewing predictable data.

If your firewall box has a sound card, maybe you could just hook up
a mic cable-tied next to a fan inside the case, and stir /dev/random
from /dev/audio.

Anyone ever figure out how to read the elusive Intel random number
hardware?

-- 
Don Marti
http://zgp.org/~dmarti                       Help spread accurate information
dmarti@zgp.org                      about Xenu and the Church of Scientology.
KG6INA           <a href="http://xenu.net/">Scientology</a> on your web site.
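The firewall-with-no-entropy worry, Ted Ts'o's point that a hardware source can break silently, and the mic-by-the-fan idea together sketch what a sane feeder looks like; the C program below is an added example, not code from this thread or from anyone on it. It reads raw samples from an assumed /dev/audio, runs a repetition-count health test so a dead or stuck source is never mixed in, folds the low bits, and writes the result into /dev/random without claiming entropy credit. The device paths, the run limit of 32 and the folding scheme are assumptions.

```c
/* Added example, not from the thread: stir /dev/random with sound-card noise,
 * refusing a source that looks stuck. Device paths are assumptions. */
#include <fcntl.h>
#include <unistd.h>

/* Repetition-count health test (after NIST SP 800-90B): one sample value more
 * than `limit` times in a row means the mic or ADC is stuck. 1 = alive, 0 = not. */
int rng_health_ok(const unsigned char *buf, size_t n, size_t limit)
{
    size_t run = 1;
    for (size_t i = 1; i < n; i++) {
        run = (buf[i] == buf[i - 1]) ? run + 1 : 1;
        if (run > limit) return 0;
    }
    return n > 0;
}

/* Keep the low bit of each sample (noise floor), eight samples per output byte. */
size_t fold_lsb(const unsigned char *in, size_t n, unsigned char *out, size_t cap)
{
    size_t nout = 0;
    for (size_t i = 0; i + 8 <= n && nout < cap; i += 8) {
        unsigned char b = 0;
        for (int k = 0; k < 8; k++) b = (unsigned char)((b << 1) | (in[i + k] & 1));
        out[nout++] = b;
    }
    return nout;
}

/* write() to /dev/random stirs the pool without crediting entropy (random(4));
 * crediting needs the RNDADDENTROPY ioctl and root. Returns bytes written or -1. */
ssize_t stir_dev_random(const char *path, const unsigned char *buf, size_t n)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, n);
    close(fd);
    return w;
}
int main(void)
{
    unsigned char raw[4096], folded[512];
    int afd = open("/dev/audio", O_RDONLY);            /* assumed device path */
    if (afd < 0) return 1;
    ssize_t n = read(afd, raw, sizeof raw);
    close(afd);
    if (n <= 0 || !rng_health_ok(raw, (size_t)n, 32)) return 2; /* stuck: do not stir */
    size_t m = fold_lsb(raw, (size_t)n, folded, sizeof folded);
    return stir_dev_random("/dev/random", folded, m) == (ssize_t)m ? 0 : 1;
}
```

Because the write is uncredited, a source that passes the health test but is still poor only fails to help; only add RNDADDENTROPY crediting once you have measured the source.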