entropy sources

Gilles Espinasse g.esp at free.fr
Sat Jul 12 07:49:06 PDT 2008


----- Original Message ----- 
From: "Chris Buxton" <cbuxton at menandmice.com>
To: "Hardened LFS Development List" <hlfs-dev at linuxfromscratch.org>
Sent: Saturday, July 12, 2008 1:13 AM
Subject: entropy sources


> What sources of entropy can we give to an HLFS system? I'm concerned
> about /dev/random in a headless, diskless appliance. Obviously, we
> have /dev/{u,f,e}random for most day-to-day operations, but for some
> applications, /dev/random is needed. For example, when generating ssh
> keys, and also when creating other high-security keys like DNSSEC keys.
>
In the last kernel message about removing the last entropy collection from
network drivers
http://readlist.com/lists/vger.kernel.org/linux-kernel/101/506082.html
I found a reference to clrngd that is not described in the entropy hint.
http://freshmeat.net/projects/clrngd/

Having an entropy-gathering daemon could be a prerequisite on 2.6 kernels for
headless machines, with no more entropy sampled from the network.
A hardware generator may be the ideal solution, but far from all existing
machines have one. I have one compilation machine which sometimes suffers from
an empty random pool.

I have compiled clrngd and just run it once.

What I like about this approach is that it does not require a driver/hardware,
unlike audio/video or a real hardware generator. So that should be easy to run on
any machine without a hardware generator.
I would welcome experience from others on clrngd (CPU load, randomness, ...).

Gilles
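A quick way to see whether a headless box is in the "empty random pool" state Gilles describes is to compare the kernel's entropy counter with the threshold at which /dev/random readers are woken. The script below is an added example for this thread, not code from Gilles, clrngd or the HLFS project. It assumes the procfs files that 2.6 kernels expose under /proc/sys/kernel/random (entropy_avail, poolsize, read_wakeup_threshold), that poolsize is reported in bits, and that /dev/hwrng is the character device rng-tools feeds from; the "low" cut-off at a quarter of the pool is a heuristic chosen for this example, not a kernel constant. Every path can be overridden through the environment so the check can be exercised against constructed files.

```shell
#!/bin/sh
# Added example (not from the original thread): check whether a read from
# /dev/random on this machine would block, using the 2.6 procfs counters.
# Paths are overridable so the functions can be run against constructed files.

ENTROPY_AVAIL=${ENTROPY_AVAIL:-/proc/sys/kernel/random/entropy_avail}
POOLSIZE=${POOLSIZE:-/proc/sys/kernel/random/poolsize}
READ_WAKEUP=${READ_WAKEUP:-/proc/sys/kernel/random/read_wakeup_threshold}

# read_sysctl FILE DEFAULT
# Print the integer held in a procfs file, or DEFAULT when the file is
# missing or unreadable (e.g. on a non-Linux host or a locked-down jail).
read_sysctl() {
    if [ -r "$1" ]; then
        tr -dc '0-9' < "$1"
    else
        echo "$2"
    fi
}

# classify_pool AVAIL WAKEUP POOLSIZE
# starved : avail is below read_wakeup_threshold, so /dev/random readers
#           (ssh-keygen, dnssec-keygen, ...) block until more entropy arrives
# low     : above the wakeup threshold but under a quarter of the pool
#           (assumed heuristic for this example; a long key generation will
#           likely drain it)
# ok      : comfortably filled
classify_pool() {
    avail=$1; wakeup=$2; poolsize=$3
    if [ "$avail" -lt "$wakeup" ]; then
        echo starved
    elif [ "$avail" -lt $((poolsize / 4)) ]; then
        echo low
    else
        echo ok
    fi
}

# pool_status
# Read the live counters (defaults: wakeup 64 bits, pool 4096 bits, the
# usual 2.6 values) and print a one-line verdict.
pool_status() {
    avail=$(read_sysctl "$ENTROPY_AVAIL" 0)
    wakeup=$(read_sysctl "$READ_WAKEUP" 64)
    poolsize=$(read_sysctl "$POOLSIZE" 4096)
    printf '%s avail=%s wakeup=%s poolsize=%s\n' \
        "$(classify_pool "$avail" "$wakeup" "$poolsize")" \
        "$avail" "$wakeup" "$poolsize"
}

# has_hwrng
# Report whether a hardware RNG character device is present; if it is,
# rngd (rng-tools) rather than a software gatherer is the obvious feeder.
has_hwrng() {
    if [ -c "${HWRNG:-/dev/hwrng}" ]; then echo yes; else echo no; fi
}

pool_status
echo "hardware rng device: $(has_hwrng)"
```

Run it on the appliance before and while a software gatherer such as clrngd is running: if the verdict stays at "starved" for minutes at a time, key generation with /dev/random will stall there, which is the symptom the thread is about.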
