[157259] in North American Network Operators' Group
Re: best way to create entropy?
daemon@ATHENA.MIT.EDU (shawn wilson)
Thu Oct 11 21:05:20 2012
In-Reply-To: <50776926.1030704@enger.us>
From: shawn wilson <ag4ve.us@gmail.com>
Date: Fri, 12 Oct 2012 01:04:49 +0000
To: "Robert M. Enger" <NANOG@enger.us>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Oct 12, 2012 at 12:49 AM, Robert M. Enger <NANOG@enger.us> wrote:
> On 10/11/2012 5:08 PM, Jonathan Lassoff wrote:
>>
>> On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
>>>
>>> in the past, i've done many different things to create entropy -
>>> encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a
>>> kernel. but, what is best? just whatever gets your cpu to peak or are
>>> some tasks better than others?
>>
>> Personally, I've used and recommend this USB stick:
>> http://www.entropykey.co.uk/
>>
>> Internally, it uses diodes that are reverse-biased just ever so close
>> to the breakdown voltage such that they randomly flip state back and
>> forth.
>>
>> Cheers,
>> jof
>>
> Intel claims to include a hardware Digital Random Number Generator (DRNG) in
> its later generation chips. Is their offering inadequate/discredited?
>
> http://en.wikipedia.org/wiki/RdRand
> http://www.pcmag.com/article2/0,2817,2391367,00.asp
> http://www.intel.com/p/en_US/embedded/innovation/security/walker-article-security
> http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/
>
that's good to know about. i'll have to remember it when tech moves
along in a year or so. but, right now, i don't think i have that
capability. also, i'd prefer to have a chip agnostic solution as a
month or so ago, i wanted to create a key on a raspberry pi (should've
just copied one over) and it took forever to generate enough entropy -
even as i was compiling stuff. after that, i considered tcpdump.
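
An added example, not part of the original thread: a shell check of what a Linux host actually has available before a key generation stalls, covering the RDRAND CPU flag, a kernel-registered hardware RNG, and the kernel's own pool estimate. The function names and the 256-bit "low" threshold are assumptions made for illustration; the /proc and /sys paths are the standard Linux ones.

```shell
#!/bin/sh
# Added example (not from the thread): list the entropy sources a Linux host
# exposes. Paths are arguments so each check can run on constructed files.

# Exit 0 if an x86 "flags" line in CPUINFO advertises the RDRAND instruction.
has_rdrand() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]rdrand([[:space:]]|$)' \
        "${1:-/proc/cpuinfo}" 2>/dev/null
}

# Print the kernel's entropy estimate in bits, or "unknown" if unreadable.
entropy_bits() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    v=""
    if [ -r "$f" ]; then v=$(tr -d '[:space:]' < "$f" 2>/dev/null) || v=""; fi
    printf '%s' "${v:-unknown}"
}

# Print the hardware RNG currently bound to /dev/hwrng, or "none".
hwrng_name() {
    f="${1:-/sys/class/misc/hw_random/rng_current}"
    n=""
    if [ -r "$f" ]; then n=$(tr -d '[:space:]' < "$f" 2>/dev/null) || n=""; fi
    printf '%s' "${n:-none}"
}

# Exit 0 if the estimate is below MIN bits (default 256, an assumed threshold);
# exit 2 if the estimate cannot be read as a number.
entropy_low() {
    bits=$(entropy_bits "$1")
    case "$bits" in *[!0-9]*) return 2 ;; esac
    [ "$bits" -lt "${2:-256}" ]
}

# One-line summary; args are CPUINFO, ENTROPY_AVAIL, RNG_CURRENT (all optional).
entropy_report() {
    if has_rdrand "$1"; then rd=yes; else rd=no; fi
    if entropy_low "$2"; then state=low; else state=ok; fi
    ebits=$(entropy_bits "$2")
    if [ "$ebits" = unknown ]; then state=unknown; fi
    printf 'rdrand=%s hwrng=%s entropy_avail=%s state=%s\n' \
        "$rd" "$(hwrng_name "$3")" "$ebits" "$state"
}

entropy_report   # live host, default paths
```

On an ARM board such as the Raspberry Pi, /proc/cpuinfo carries a "Features" line rather than "flags", so `has_rdrand` correctly reports no RDRAND there.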