
Re: lack of entropy

Marek Podmaka wrote:

Wednesday, November 15, 2006, 2:03:34, "Uwe A. P. Würdinger" wrote:

apt-get install rng-tools
echo 'RNGDOPTIONS="-b -r /dev/urandom"' >> /etc/default/rng-tools
/etc/init.d/rng-tools start

I just did this 2 days ago :)

But my question is how bad this is?

Depends how random your random has to be. I wouldn't use it on a system that handles real sensitive data like credit card data etc. but it's good enough for a webmail or community site.

You could use hardware entropy pools if you need more random random or in a big setup with lots of entropy needs you could use a dedicated machine as entropy pool for all the servers.
We do that in a couple of installations :-)

We are in fact trying to generate some entropy for /dev/random from
/dev/urandom. I think urandom output is determined by the /dev/random
state... And we are reading from urandom when the entropy is low (ok,
maybe we read in ahead of this). But aren't we creating some loop
here? But as a temp solution it is good :)

Honestly, I don't have the time right now to look into the implementation of /dev/random and /dev/urandom and the one who would know is on vacation right now.

But hey, look in the source yourself if you really wanna know.

greets Uwe
Uwe A. P. Würdinger
IT Security Engineer
X-tec GmbH
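
Added example, not part of the original thread: a small shell check for the configuration discussed above, which parses an rng-tools defaults file and flags rngd being fed from /dev/urandom or /dev/random. The function names and the sample file are constructed for illustration, and the `--rng-device` long form of `-r` is handled in addition to what the thread shows.

```shell
#!/bin/sh
# Added example: find the device an rng-tools defaults file tells rngd to read.

# rngd_source FILE: print the device given by -r / --rng-device in the last
# uncommented RNGDOPTIONS line (later assignments win, and the thread's
# command appends with >>). Prints nothing if no source is set.
rngd_source() {
    sed -n 's/^[[:space:]]*RNGDOPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'" |
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "-r" || $i == "--rng-device") { print $(i + 1); exit }
            if ($i ~ /^--rng-device=/) { sub(/^--rng-device=/, "", $i); print $i; exit }
            if ($i ~ /^-r./) { print substr($i, 3); exit }
        }
    }'
}

# audit_rngd FILE: return 0 for any other source, 1 when the source is a
# kernel random device (the loop asked about in the thread), 2 when unset.
audit_rngd() {
    src=$(rngd_source "$1")
    case "$src" in
        "") echo "unset: no -r option in $1"; return 2 ;;
        /dev/urandom|/dev/random)
            echo "WARN: rngd reads $src, so kernel output is fed back as entropy"
            return 1 ;;
        *)  echo "ok: rngd reads $src"; return 0 ;;
    esac
}

# Constructed sample file reproducing the line from the thread.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'RNGDOPTIONS="-b -r /dev/urandom"' > "$sample"
audit_rngd "$sample" || true
rm -f "$sample"
```

On a real host, point `audit_rngd` at `/etc/default/rng-tools`.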
