best way to create entropy?

shawn wilson ag4ve.us at gmail.com
Sun Oct 14 05:43:53 UTC 2012


again, to add some input to my own question - i happened to be
compiling openssh and found this in the install doc:

NB. If your operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
/dev/random, or failing that, either prngd or egd.

PRNGD:

If your system lacks kernel-based random collection, the use of Lutz
Jaenicke's PRNGd is recommended.

http://prngd.sourceforge.net/

EGD:

The Entropy Gathering Daemon (EGD) is supported if you have a system which
lacks /dev/random and don't want to use OpenSSH's internal entropy collection.

http://www.lothar.com/tech/crypto/



hopefully i'll find the time to figure out what is different about
"OpenSSH's internal entropy collection", the above systems, and
haveged.


On Sat, Oct 13, 2012 at 10:11 PM, Jasper Wallace <jasper at pointless.net> wrote:
> On Thu, 11 Oct 2012, Dan White wrote:
>
>> On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
>> > On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us at gmail.com> wrote:
>> > > in the past, i've done many different things to create entropy -
>> > > encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a
>> > > kernel. but, what is best? just whatever gets your cpu to peak or are
>> > > some tasks better than others?
>> >
>> > Personally, I've used and recommend this USB stick:
>> > http://www.entropykey.co.uk/
>> >
>> > Internally, it uses diodes that are reverse-biased just ever so close
>> > to the breakdown voltage such that they randomly flip state back and
>> > forth.
>>
>> +1.
>
> and with ekeyd-egd-linux you can distribute the entropy from an entropykey
> over the net - great for giving VMs some randomness.
>
> --
> [http://pointless.net/]                                   [0x2ECA0975]
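
The install text quoted above has OpenSSL fall back to PRNGD or EGD when there is no /dev/random, and both daemons answer the EGD socket protocol. As an added example (not part of the original post, nor OpenSSH or OpenSSL code), here is a client for the two query commands as documented with egd.pl, run against a constructed in-process stand-in daemon; the function names and the 10-byte fake pool are assumptions made for the illustration.

```python
import socket
import struct
import threading

# EGD command bytes as documented with egd.pl (PRNGD answers the same ones).
CMD_LEVEL, CMD_READ_NONBLOCK = 0x00, 0x01

def recv_exact(sock, n):
    """Read exactly n bytes, or raise if the daemon closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the connection mid-reply")
        buf += chunk
    return buf

def egd_level(sock):
    """Command 0x00: reply is a 4-byte big-endian count of entropy bits."""
    sock.sendall(bytes([CMD_LEVEL]))
    return struct.unpack(">I", recv_exact(sock, 4))[0]

def egd_read(sock, want):
    """Command 0x01: non-blocking read, reply is a length byte plus data."""
    if not 1 <= want <= 255:
        raise ValueError("EGD requests are limited to 1..255 bytes")
    sock.sendall(bytes([CMD_READ_NONBLOCK, want]))
    got = recv_exact(sock, 1)[0]
    # The daemon may hand back fewer bytes than requested; callers must check.
    return recv_exact(sock, got) if got else b""

def fake_daemon(sock, pool):
    """Constructed stand-in for egd/prngd so the example runs offline."""
    pool = bytearray(pool)
    while cmd := sock.recv(1):
        if cmd[0] == CMD_LEVEL:
            sock.sendall(struct.pack(">I", len(pool) * 8))
        elif cmd[0] == CMD_READ_NONBLOCK:
            n = min(recv_exact(sock, 1)[0], len(pool))
            sock.sendall(bytes([n]) + bytes(pool[:n]))
            del pool[:n]

def demo():
    client, server = socket.socketpair()
    threading.Thread(target=fake_daemon, args=(server, bytes(range(10))), daemon=True).start()
    with client:
        # 10-byte pool: the first read is fully served, the second comes back short.
        return egd_level(client), egd_read(client, 8), egd_read(client, 8), egd_level(client)
```

The second read in `demo()` returns 2 bytes for a request of 8, which is the case a consumer seeding a PRNG has to detect rather than assume a full buffer.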



