[8063] in cryptography@c2.net mail archive
RE: Lots of random numbers
daemon@ATHENA.MIT.EDU (Trei, Peter)
Thu Nov 16 17:46:15 2000
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A91EA40@exna07.securitydynamics.com>
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: cryptography@c2.net, "'Rich Salz'" <rsalz@caveosystems.com>
Date: Thu, 16 Nov 2000 17:34:28 -0500
MIME-Version: 1.0
Content-Type: text/plain
Others have responded as to why this is not so hot an idea.
It sounds like your trying to obtain more entropy than you really
need - I would have thought that the built in hardware RNG in
the newer Intel chips would do the job. Barring that, stick in one
of the various cryptographic coprocessor boards; this would allow
you not only to get real random numbers, it would speed up the
keygen stop substantially.
nCipher (partly owned by RSA :-) makes such boards. They work
with Linux.
Peter Trei
> ----------
> From: Rich Salz[SMTP:rsalz@caveosystems.com]
> Sent: Wednesday, November 15, 2000 10:19 PM
> To: cryptography@c2.net
> Subject: Lots of random numbers
>
> I'm putting together a system that might need to generate thousands of RSA
> keypairs per day, using OpenSSL on a "handful" of Linux machines. What do
> folks think of the following: take one machine and dedicate it as an
> entropy
> source. After 'n' seconds turn the network card into promiscuous mode,
> scoop
> up packets and hash them, dump them into the entropy pool. Do this for 'm'
> seconds, then go back to sleep for awhile. The sleep and wake times are
> random numbers. Other systems on the newtwork periodically make an SSL
> connection to the entropy box, read bytes, and dump it into their
> /dev/random
> device.
>
> Is this a cute hack, pointless, or a good idea?
> /r$
>
