Andy Smith wrote: > EntropyKey is a dead product that can no longer be obtained I've seen several like that. They're permanently sold out, or the webshops are abandoned and half-broken. Pure random number generators that are actually possible to buy are rare. That's why I'm investigating whether security keys can be used instead. Security keys are available from multiple vendors, but it's hard to find any information about the random number generators inside them. > OneRNG is still in production. I tried to buy one of those a while ago, but I couldn't because the shop didn't like my card number. > On their mailing list however, there > is a recent discussion about whether there any point. The conclusion > seems to be "not really". Thread starts here: > > http://lists.ourshack.com/pipermail/discuss/2024-March/000797.html > > The thread covers how to make rngd feed /dev/random from a OneRNG in > Debian 12, but it is no longer possible to tell if that does > anything useful. It is indeed harder to tell since Linux stopped keeping track of the entropy level, and it's now necessary to force-feed /dev/random periodically instead of waiting for the entropy level to drop. A random number generator is still useful on a server with no keyboard, no spinning disk and no RDRAND or similar processor instruction. Otherwise network traffic becomes the only source of entropy, and I'd rather not rely solely on events controlled by other computers. It also helps to mix entropy from multiple sources, in case one of them has a design flaw or a backdoor, or breaks down, or loses its driver like in Debian bug 1041007. Björn Persson
Attachment:
pgpWrEGCnLkDG.pgp
Description: OpenPGP digital signatur