[5388] in cryptography@c2.net mail archive


Re: linux-ipsec: Re: Summary re: /dev/random

daemon@ATHENA.MIT.EDU (Henry Spencer)
Fri Aug 13 12:12:06 1999

Date: Wed, 11 Aug 1999 15:49:17 -0400 (EDT)
From: Henry Spencer <henry@spsystems.net>
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: "Theodore Y. Ts'o" <tytso@mit.edu>, cryptography@c2.net,
        linux-ipsec@clinet.fi
In-Reply-To: <v04210100b3d7751fb125@[24.218.56.100]>

On Wed, 11 Aug 1999, Arnold G. Reinhold wrote:
> This thread started over concerns about diskless nodes that want to 
> run IPsec.  Worst case, these boxes would not have any slots or other 
> expansion capability. The only source of entropy would be network 
> transactions, which makes me nervous...

An interesting alternative, I think, is an add-on RNG which could go on a
serial or parallel port.  The bandwidth achievable without loading down
the machine is limited, but we don't need tremendous speeds, and many PCs
used as routers, firewalls, etc. have such ports sitting idle.  Even
semi-dedicated diskless boxes would *often* have one of those.

The problem with slots is, what flavor do you pick?  PCI is, I gather,
rather complicated to interface to.  Also, since it's the preferred
technology for fast networking boards, and tends to come in limited
numbers, the PCI slots often are fully spoken for.  ISA is a lot simpler,
but its days now seem to be numbered. 

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)


