[166330] in North American Network Operators' Group
Re: comcast ipv6 PTR
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Thu Oct 17 05:46:13 2013
Date: Thu, 17 Oct 2013 11:45:52 +0200
From: Eugen Leitl <eugen@leitl.org>
To: nanog@nanog.org
In-Reply-To: <20131016230342.9C31B849B4D@rock.dv.isc.org>
On Thu, Oct 17, 2013 at 10:03:42AM +1100, Mark Andrews wrote:
> Modern Intel CPUs provide hardware based random numbers. It is
> not like other CPU manufacturers can't do the same thing. This
> doesn't increase the chip count or PCB real estate used.

Specifically, Intel's RNG is unauditable. It should not be used
as a single source of entropy, but always mixed in with other,
unrelated sources of entropy.

There used to be a USB stick RNG called Entropykey, but that one
is currently unavailable.

A cheap/improvised, trusted way to get some physical entropy could be
USB SDRs http://sdr.osmocom.org/trac/wiki/rtl-sdr
especially if hooked up to an analog wideband white noise generator
http://www.maximintegrated.com/app-notes/index.mvp/id/3469
instead of just listening to the aether.

Never use entropy as is; mix it into a PRNG, and use as many
entropy sources as you can. Packet timing (IRQs) can be
a source of entropy in a network device.

> It's time CPE Router vendors did a re-think.
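
The mixing advice in the message above, as an added example that is not part of the original post: a hash-based pool in Python in which a stuck hardware RNG used alone yields a repeatable key, while folding in one independent source changes the output. `EntropyPool`, `stuck_hw_rng`, `timing_jitter` and `derive_key` are hypothetical names, and the SHA-256/HMAC construction is an illustrative assumption, not a vetted DRBG.

```python
import hashlib
import hmac
import time


class EntropyPool:
    """Hash-based pool: every sample from every source is chained into one state."""

    def __init__(self):
        self._state = hashlib.sha256(b"constructed-pool-init").digest()
        self._reads = 0

    def mix(self, source, sample):
        # Length-prefix label and sample so ("a", b"bc") and ("ab", b"c") differ.
        h = hashlib.sha256(self._state)
        for part in (source.encode(), sample):
            h.update(len(part).to_bytes(4, "big") + part)
        self._state = h.digest()

    def read(self, n):
        # Output comes from a keyed PRF over the state, never the raw samples.
        out = b""
        while len(out) < n:
            self._reads += 1
            out += hmac.new(self._state, self._reads.to_bytes(8, "big"), hashlib.sha256).digest()
        # Ratchet so earlier output cannot be recomputed from a later state.
        self._state = hmac.new(self._state, b"ratchet", hashlib.sha256).digest()
        return out[:n]


def stuck_hw_rng(n=32):
    """Models an opaque hardware RNG that has failed or is predictable."""
    return b"\x00" * n


def timing_jitter(samples=64):
    """Low 16 bits of successive timer deltas; stand-in for IRQ/packet timing."""
    out, prev = bytearray(), time.perf_counter_ns()
    for _ in range(samples):
        now = time.perf_counter_ns()
        out += ((now - prev) & 0xFFFF).to_bytes(2, "big")
        prev = now
    return bytes(out)


def derive_key(samples):
    """samples: {source_name: bytes}. Returns 32 bytes from the mixed pool."""
    pool = EntropyPool()
    for name, data in samples.items():
        pool.mix(name, data)
    return pool.read(32)
```

Calling `derive_key({"hw": stuck_hw_rng(), "jitter": timing_jitter()})` shows the intended use: the stuck source contributes nothing, yet the result still depends on the second source.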