[5402] in cryptography@c2.net mail archive


Re: linux-ipsec: Re: Summary re: /dev/random

daemon@ATHENA.MIT.EDU (Gary E. Miller)
Sat Aug 14 13:15:51 1999

Date: Fri, 13 Aug 1999 15:36:12 -0700 (PDT)
From: "Gary E. Miller" <gem@rellim.com>
Reply-To: gary miller <gem@rellim.com>
To: Derek Atkins <warlord@MIT.EDU>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>, cryptography@c2.net,
        linux-ipsec@clinet.fi, Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <sjmaervl3z8.fsf@rcn.ihtfp.org>

Yo Derek!

I know a lot of people that use diskless, keyboardless computers
as routers and terminal servers.  I think a few small companies like 
Cisco, Ascend, Bay Networks, etc. make these things. :-)

They have even been known to sell them as VPN gateways to encrypt
local LAN traffic as they route it on to the internet.  A few
smaller companies like Shiva have been known to dabble in them.

RGDS
GARY


On 13 Aug 1999, Derek Atkins wrote:

> Date: 13 Aug 1999 18:18:03 -0400
> From: Derek Atkins <warlord@mit.edu>
> To: Arnold G. Reinhold <reinhold@world.std.com>
> Cc: cryptography@c2.net, linux-ipsec@clinet.fi,
>      Bill Stewart <bill.stewart@pobox.com>
> Subject: linux-ipsec: Re: Summary re: /dev/random
> 
> Um, pardon my ignorance, but what is the point of a diskless,
> keyboardless computer that requires such high security?  If the only
> interface is the network, what good is it?  I can see being diskless
> (although why anyone would build a diskless machine in today's world,
> I have no idea -- it certainly doesn't significantly affect the cost
> of the machine).  I used to have a diskless sun as my workstation.
> But it still had a keyboard.
> 
> Did you have a specific usage in mind, here?  I certainly cannot
> imagine a use for such a beast today.  Even my palmpilot has user
> input.
> 
> -derek
> 
> "Arnold G. Reinhold" <reinhold@world.std.com> writes:
> 
> > 
> > At 12:25 PM -0400 8/11/99, Theodore Y. Ts'o wrote:
> > >   Date: Tue, 10 Aug 1999 11:05:44 -0400
> > >   From: "Arnold G. Reinhold" <reinhold@world.std.com>
> > >
> > >   A hardware RNG can also be added at the board level. This takes
> > >   careful engineering, but is not that expensive. The review of the
> > >   Pentium III RNG on www.cryptography.com seems to imply that Intel is
> > >   only claiming patent protection on its whitening circuit, which is
> > >   superfluous, if not harmful. If so, their RNG design could be copied.
> > >
> > >I've always thought there was a major opportunity for someone to come up
> > >with an ISA (or perhaps even a PCI) board which had one or more circuits
> > >(you want more than one for redundancy) that contained a noise diode
> > >hooked up to a digitizing circuit.  As long as the hardware interface
> > >was open, all of the hard parts of a hardware RNG could be done in
> > >software.
> > 
> > This thread started over concerns about diskless nodes that want to 
> > run IPsec.  Worst case, these boxes would not have any slots or other 
> > expansion capability. The only source of entropy would be network 
> > transactions, which makes me nervous. That is why I feel we should 
> > pressure manufacturers of such boards to include hardware RNG 
> > capability in one form or another.
> > 
> > Generic PC's these days come with audio input or can have a sound 
> > card added easily. Open software that would characterize, monitor and 
> > whiten the output of an analog noise source connected to the audio-in 
> > port would meet a lot of needs.
> > 
> > Arnold Reinhold
> > 
> > 
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
>        warlord@MIT.EDU                        PGP key available
> 

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
	gem@rellim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676


