[ubuntu-hardened] rngd: enable hardware-supported random generators.
daniel curtis
sidetripping at gmail.com
Wed Dec 23 10:21:46 UTC 2015
Hello Seth.
>> The Linux /dev/random and /dev/urandom interfaces are tricky.
>> There's widespread agreement that these interfaces are
>> needlessly difficult to use correctly (...)
Okay, thank you for the clarification. Honestly, I did not know about
the contentious debate about the way the /dev/random interface
decreases the "amount of available entropy" when /dev/random is
read etc. It's worth knowing about. (Of course I will check your
favorite critique from Mr Bernstein).
I have one more question. What do you think about Haveged[1]? It
is an attempt to provide an easy-to-use, unpredictable RNG based
on the HAVEGE algorithm. There is an opinion saying that if a
user has a specific reason not to trust the hardware random number
generator on his system, he should try to use 'rng-tools'
(I mentioned 'rng' in my first message).
Coming back to the mentioned list of available entropy (via
/proc/sys/kernel/random/entropy_avail): is it true that if the collected
entropy is rather low (let's say less than 1000), the user should probably
install haveged? Considering what haveged is, etc., what is your
opinion?
>> However I do not think that having one or not would actually
>> influence your system's security (...)
Thank you for your opinion and answer.
Best regards.
____________
[1] http://linux.die.net/man/8/haveged