[ubuntu-hardened] rngd: enable hardware-supported random generators.

daniel curtis sidetripping at gmail.com
Wed Dec 23 10:21:46 UTC 2015


Hello Seth.

>> The Linux /dev/random and /dev/urandom interfaces are tricky.
>> There's widespread agreement that these interfaces are
>> needlessly difficult to use correctly (...)

Okay, thank You for the clarification. Honestly, I did not know about
the contentious debate about the way the /dev/random interface
decreases the "amount of available entropy" when /dev/random is
read etc. It's worth knowing about. (Of course I will check your
favorite critique from Mr Bernstein).

I have one more question. What do You think about Haveged[1]? It
is an attempt to provide an easy-to-use, unpredictable RNG based
on the HAVEGE algorithm. There is an opinion saying that if a
user has a specific reason not to trust the hardware random number
generator on his system, he should try to use the 'rng-tools'
(I mentioned 'rng' in my first message).

Coming back to the mentioned list of available entropy (via
/proc/sys/kernel/random/entropy_avail): is it true that if the collected
entropy is rather low (let's say less than 1000), the user should probably
install haveged? According to what haveged is etc., what is your
opinion?

>> However I do not think that having one or not would actually
>> influence your system's security (...)

Thank You for your opinion and answer.

Best regards.
____________
[1] http://linux.die.net/man/8/haveged