Wolfgang S. Rupprecht wrote: > Bill Davidsen <davidsen@xxxxxxx> writes: >> Wolfgang S. Rupprecht wrote: >>> Is there an approved way to increase the speed at which the random pool >>> for /dev/random fills up? I'm playig with dnssec and getnerating 2k rsa >>> keys is taking up to 3 hours. I've been googling a bit and Intel x86_64 >>> machines seem to have random number hardware built in (perhaps also >>> AMD???) Is there a way to funnel this into the entropy pool? >>> >> To be honest, I thought the data from the TCO random generator was funneled in >> already. That's what the "intel-rng" module does. >> >> Current kernel built with: >> CONFIG_HW_RANDOM=y >> CONFIG_HW_RANDOM_TIMERIOMEM=m >> CONFIG_HW_RANDOM_INTEL=m >> CONFIG_HW_RANDOM_AMD=m >> CONFIG_HW_RANDOM_GEODE=m >> CONFIG_HW_RANDOM_VIA=m >> CONFIG_HW_RANDOM_VIRTIO=m > > Thanks. That gave me a few good strings to google for. > >> If your CPU has the hardware the module should be loaded, but you can >> check with "lsmod | grep rng" to be sure, or load manually to >> test. Also virtio_rng might be useful. You might have to load by hand >> to test, then config to load by default if you want. > > It turns out my (2 year old) AMD Phenom 9350e Quad-Core doesn't seem to > have that module loaded. In fact, googling for "AMD hardware random > number generator" got me a few hits of folks running an ms-windows tool > on similar processors and one of the flags checked was for the hardware > rng, which always seemed to be "not supported". I guess the modern CPU > really don't have that hardware any more. How strange (and sad!). > I haven't looked into what virtio-rng does, but it does load on anything I can quickly test, and I doubt it will make your number any worse. There are number of cheap USB rng units around which are supported, I just read about one in Rich Jones' fine blog, http://rwmj.wordpress.com/2010/08/04/usb-hardware-random-number-generator/ which will probably get you started. His analysis is worth reading if only to see that some people still have pride in their product. -- Bill Davidsen <davidsen@xxxxxxx> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
