[linux-elitists] ssh hygiene
Tue Apr 30 13:08:36 PDT 2002
begin Steve Beattie quotation of Tue, Apr 30, 2002 at 12:25:02PM -0700:
Great thread on /dev/random and generating sufficient
quantities of random bits to do IPSEC here:
> The problem with using /dev/random directly is that for things like
> firewalls (where you really care about security), there may not be a lot
> of sources of entropy (no mice, no harddisks). That said, perhaps it
> should be a configurable option.
/dev/random seems to draw randomness from four places: the keyboard
(timing and scancode), the mouse (timing and position), and just
timings for interrupts and block requests.
You could certainly build random hardware to stir
/dev/random with, but as Ted Ts'o points out here:
http://www.openpgp.net/random/combo/msg00044.html it's hard to tell
when your hardware RNG breaks and starts spewing predictable data.
If your firewall box has a sound card, maybe you could just hook up
a mic cable-tied next to a fan inside the case, and stir /dev/random
Anyone ever figure out how to read the elusive Intel random number
http://zgp.org/~dmarti Help spread accurate information
email@example.com about Xenu and the Church of Scientology.
KG6INA <a href="http://xenu.net/">Scientology</a> on your web site.
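
The failure-detection problem raised in the message above, as an added example that is not part of the original post or of the Linux kernel: two continuous health tests in the style of the repetition count and adaptive proportion tests from NIST SP 800-90B, run over constructed byte samples. The entropy claim, false-positive rate and sample data are assumptions; a plain counter passes both tests, so they catch stuck or heavily biased hardware but not output that is merely predictable.

```python
import math

ALPHA = 2.0 ** -20  # assumed false-positive rate per test
H_MIN = 4.0         # assumed entropy claim, bits per byte sample
WINDOW = 512        # adaptive proportion window (non-binary samples)

def rct_cutoff(h=H_MIN, alpha=ALPHA):
    """Run length of one repeated value too long to be chance."""
    return 1 + math.ceil(-math.log2(alpha) / h)

def apt_cutoff(h=H_MIN, alpha=ALPHA, w=WINDOW):
    """1 + smallest k with P[Binomial(w, 2**-h) <= k] >= 1 - alpha."""
    p, cdf = 2.0 ** -h, 0.0
    for k in range(w + 1):
        cdf += math.comb(w, k) * p**k * (1 - p) ** (w - k)
        if cdf >= 1 - alpha:
            return 1 + k
    return w + 1

def health_failures(samples):
    """Return the names of the health tests that `samples` fails."""
    failed, run, longest, prev = [], 0, 0, None
    for b in samples:
        run = run + 1 if b == prev else 1
        prev, longest = b, max(longest, run)
    if longest >= rct_cutoff():
        failed.append("repetition count")
    cut = apt_cutoff()
    for start in range(0, len(samples) - WINDOW + 1, WINDOW):
        window = samples[start:start + WINDOW]
        # Count how often the window's first value recurs in the window.
        if window.count(window[0]) >= cut:
            failed.append("adaptive proportion")
            break
    return failed

# Constructed samples, not captured from any device.
COUNTER = bytes(range(256)) * 16                # predictable, yet passes
STUCK = bytes(range(100)) + b"\x00" * 400       # output sticks at zero
BIASED = bytes(0x41 if i % 2 == 0 else (i * 7) % 256 for i in range(1024))

if __name__ == "__main__":
    for name, data in (("counter", COUNTER), ("stuck", STUCK), ("biased", BIASED)):
        print(name, health_failures(data) or "pass")
```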