Marek Podmaka wrote:
> Hello, Wednesday, November 15, 2006, 2:03:34, "Uwe A. P. Würdinger" wrote:
>
> > apt-get install rng-tools
> > echo 'RNGDOPTIONS="-b -r /dev/urandom"' >> /etc/default/rng-tools
> > /etc/init.d/rng-tools start
>
> I just did this 2 days ago :)
> But my question is how bad this is?

Depends how random your random has to be. I wouldn't use it on a system that handles real sensitive data like credit card data etc., but it's good enough for a webmail or community site.
You could use hardware entropy pools if you need more random random, or in a big setup with lots of entropy needs you could use a dedicated machine as entropy pool for all the servers.
We do that in a couple of installations :-)

> We are in fact trying to generate some entropy for /dev/random from /dev/urandom. I think urandom output is determined by the /dev/random state... And we are reading from urandom when the entropy is low (ok, maybe we read in ahead of this). But aren't we creating some loop here? But as a temp solution it is good :)

Honestly, I don't have the time right now to look into the implementation of /dev/random and /dev/urandom, and the one who would know is on vacation right now. But hey, look in the source yourself if you really wanna know.

greets
Uwe

-- 
Uwe A. P. Würdinger
IT Security Engineer
X-tec GmbH
http://www.x-tec.de
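
Added example, not part of the original thread: a shell check that flags an rng-tools defaults file in which rngd is fed from the kernel's own random devices, the setup discussed above. The function names are hypothetical, and the file is assumed to hold shell-style `RNGDOPTIONS="..."` lines where the last assignment wins (the `echo ... >>` above appends one).

```shell
#!/bin/sh
# Added example: audit an rng-tools defaults file (e.g. /etc/default/rng-tools).

# Print the device passed to rngd with -r / --rng-device in the LAST
# RNGDOPTIONS assignment of file $1. Commented-out lines are ignored.
rngd_source() {
    opts=$(sed -n 's/^[[:space:]]*RNGDOPTIONS=//p' "$1" | tail -n 1)
    # Strip one pair of surrounding quotes from the value.
    opts=$(printf '%s' "$opts" | sed "s/^[\"']//; s/[\"']\$//")
    src=""
    want_arg=0
    for word in $opts; do            # intentional word splitting of the options
        if [ "$want_arg" -eq 1 ]; then
            src=$word; want_arg=0; continue
        fi
        case $word in
            -r|--rng-device) want_arg=1 ;;
            --rng-device=*)  src=${word#--rng-device=} ;;
            -r?*)            src=${word#-r} ;;
        esac
    done
    printf '%s\n' "$src"
}

# Exit status: 0 = source is some other device, 1 = rngd reads the kernel's
# own /dev/urandom or /dev/random, 2 = no -r source set in the file.
audit_rngd() {
    src=$(rngd_source "$1")
    case $src in
        "")
            echo "no -r source set in $1"; return 2 ;;
        /dev/urandom|/dev/random)
            echo "WEAK: rngd source is $src (kernel RNG output fed back into the pool)"
            return 1 ;;
        *)
            echo "ok: rngd source is $src"; return 0 ;;
    esac
}

# Run against a file given on the command line, if any.
if [ -n "${1:-}" ]; then
    audit_rngd "$1"
fi
```
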