> > Then... I start again with my first question. There's a good way to
> > generate entropy??? [Suppose that the machine that generates the key will
> > not have many interrupts because nobody is in front of the keyboard to
> > generate it]
> 
> Robert M Love has put together some patches for the Linux kernel to add
> network interfaces to the device drivers that generate entropy for the
> random pool: http://www.tech9.net/rml/linux/  Note that this is of
> debatable value; since network traffic may be seen or even controlled by
> attackers, it may or may not add real entropy to the pool. You need to
> decide for yourself if this is a concern.

I believe[0] you can write to /dev/random and /dev/urandom to increase the
entropy contained in them.  Of course, you should only write data that
is of equivalent entropy to them.  Sending non-random data to /dev/random
defeats the purpose entirely.

One option is to take data from an external random source, such as
hotbits[1] or lavarnd[2] when it goes back online.


[0] I have heard this, but have not verified this myself through an
    actual code review.  

[1] http://www.fourmilab.ch/hotbits/

[2] http://www.lavarnd.org/



--
Brian Hatch                  We waste time so
   Systems and                you don't have to.
   Security Engineer
www.hackinglinuxexposed.com

Every message PGP signed
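
Added example, not part of the original message: a Python sketch of the two ways Linux accepts data into the random pool. Per random(4), a plain write mixes the bytes in without raising the kernel's entropy estimate, while the RNDADDENTROPY ioctl mixes and credits a stated number of bits and needs CAP_SYS_ADMIN. The function names and the sample bytes are constructed for illustration.

```python
import fcntl
import struct

# _IOW('R', 0x03, int[2]) from <linux/random.h>
RNDADDENTROPY = 0x40085203
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's current entropy estimate in bits."""
    with open(path) as f:
        return int(f.read())


def mix_only(data, dev="/dev/urandom"):
    """Plain write: data is mixed into the pool, the estimate is not credited."""
    with open(dev, "wb", buffering=0) as f:
        return f.write(data)


def pool_info(data, entropy_bits):
    """Pack struct rand_pool_info {int entropy_count; int buf_size; buf[]}."""
    # entropy_count is in bits, buf_size in bytes; refuse impossible claims.
    if not 0 <= entropy_bits <= 8 * len(data):
        raise ValueError("cannot claim more entropy than the data can hold")
    return struct.pack("ii", entropy_bits, len(data)) + data


def mix_and_credit(data, entropy_bits, dev="/dev/random"):
    """RNDADDENTROPY: mix data and credit entropy_bits (needs CAP_SYS_ADMIN)."""
    with open(dev, "wb", buffering=0) as f:
        fcntl.ioctl(f, RNDADDENTROPY, pool_info(data, entropy_bits))


if __name__ == "__main__":
    sample = bytes(range(32))  # constructed, NOT random: mix it, never credit it
    before = entropy_avail()
    mix_only(sample)
    print("estimate before/after plain write:", before, entropy_avail())
    try:
        mix_and_credit(sample, 0)  # credit 0 bits for data we do not trust
    except PermissionError:
        print("RNDADDENTROPY refused: crediting entropy is privileged")
```

Data fetched from an external source over the network is best mixed with a credit of 0 bits unless the transport and the source are both trusted.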