Re: [arch-general] [arch-dev-public] adding rng-tools to extra?
On Mon, 04 Jun 2012 09:47:57 +0200 Tobias Powalowski wrote:
> Ok, as discussed on IRC, haveged seems the better choice because rng-tools need a real hw generator to work correctly.
Why not both? Multiple sources will probably increase the unpredictability and strength or reduce the effectiveness of predictability flaws (not saying there are any), which should be a factor as well. Ideally the IDE timings will be expanded to include all sorts of timings, but I think that's the kernel devs' not Arch's remit. Maybe as this is a functional problem it may get enough attention from the kernel devs?

Funnily enough, a mail, though the link is quite old now, just hit the OpenBSD list.

_______________________________________________________________________
An interesting read for sysops and admins. The analytics indirectly validate OpenBSD devs' longstanding pedantic-ness regarding random-ness and entropy (thank you).
http://www.h-online.com/security/news/item/RSA-keys-not-as-random-as-they-sh...
_______________________________________________________________________
[2012-06-04 14:18:09 +0100] Kevin Chadwick:
> Multiple sources will probably increase the unpredictability and strength or reduce the effectiveness of predictability flaws
Quite the contrary: if you have one weak source, it'll make the kernel believe it has more entropy than it actually has, while other sources, seeing as you've filled your entropy pool, won't contribute to it, leaving you with the fake entropy.

Better a single good source than one bad and many good ones. Or guess what kind of problem you'll run into...
http://www.h-online.com/security/news/item/RSA-keys-not-as-random-as-they-sh...
-- Gaetan
On Tue, 5 Jun 2012 00:01:08 +1000 Gaetan Bisson wrote:
> Quite the contrary: if you have one weak source, it'll make the kernel believe it has more entropy than it actually has, while other sources, seeing as you've filled your entropy pool, won't contribute to it, leaving you with the fake entropy.
>
> Better a single good source than one bad and many good ones. Or guess what kind of problem you'll run into...
I suggest you look into OpenBSD's methods that use many sources. No one mentioned weak sources. Note: they weren't too impressed with haveged.
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/rnd.c?rev=1.140;content-ty...
On Mon, 4 Jun 2012 14:18:09 +0100 Kevin Chadwick wrote:
> all sorts
That was a bad choice of words by me however.