Wolfgang S. Rupprecht wrote: > Is there an approved way to increase the speed at which the random pool > for /dev/random fills up? I'm playig with dnssec and getnerating 2k rsa > keys is taking up to 3 hours. I've been googling a bit and Intel x86_64 > machines seem to have random number hardware built in (perhaps also > AMD???) Is there a way to funnel this into the entropy pool? You need two things: 1) an entropy source 2) a program to feed entropy to the kernel As for 1) there are hardware generators based on physical phenomenons (from electronic noise to nuclear decay). I would suggest you to use an audio input sampling some noise (fan noise). The ambient noise in addition to the electrical noise will be a good entropy source if you sample at 48000Hz/16bits. Another opportunity is a webcam (pointed to a fan, blinking LEDs, or a window with wind moving leaves and clouds...) or an analogic TV acquisition board (not tuned). If you take this data and write it into /dev/random, the entropy pool gets cryptographically messed up. But the entropy count will not go up. You need a tool issuing a specific ioctl to do that. Maybe it already exists, if not, it should be just a few lines of C. See: http://en.wikipedia.org/wiki//dev/random Be very conservative with your entropy count (for example: for 1 second of audio, just add 100 bits). I just did a quick test with ambient noise and gzip is almost unable to compress down what I've sampled. That is a sign that there is a good quantity of entropy. Even at these paranoia levels, you will cut down the 3 hours a lot. -- Roberto Ragusa mail at robertoragusa.it -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
