> > Then... I start again with my first question. there's a good way to
> > generate entropy??? [Suppose that the machine who generates the key will
> > not have much interrupts because anybody are in front of the keyboard to
> > generate it]
>
> Robert M Love has put together some patches for the Linux kernel to add
> network interfaces to the device drivers that generate entropy for the
> random pool: http://www.tech9.net/rml/linux/ Note that this is of
> debatable value; since network traffic may be seen or even controlled by
> attackers, it may or may not add real entropy to the pool. You need to
> decide for yourself if this is a concern.

I believe[0] you can write to /dev/random and /dev/urandom to increase the
entropy contained in them. Of course, you should only write data that is
of equivalent entropy to them. Sending non-random data to /dev/random
defeats the purpose entirely.

One option is to take data from an external random source, such as
hotbits[1] or lavarnd[2] when it goes back online.

[0] I have heard this, but have not verified this myself through an
    actual code review.
[1] http://www.fourmilab.ch/hotbits/
[2] http://www.lavarnd.org/

--
Brian Hatch
Systems and Security Engineer
www.hackinglinuxexposed.com

"We waste time so you don't have to."

Every message PGP signed
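
Added example, not part of the original message: on Linux a plain write to /dev/random or /dev/urandom mixes the bytes into the pool without raising the kernel's entropy estimate, while crediting entropy takes the RNDADDENTROPY ioctl and root. The function names are this example's own, the ioctl number assumes the common x86/ARM encoding, and the sample bytes are a constructed stand-in for data from an external source.

```python
import fcntl
import os
import struct

# RNDADDENTROPY = _IOW('R', 0x03, int[2]) from <linux/random.h>.
# Assumption: the common ioctl encoding used on x86 and ARM.
RNDADDENTROPY = 0x40085203
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def pack_rand_pool_info(data: bytes, entropy_bits: int) -> bytes:
    """Build struct rand_pool_info {int entropy_count; int buf_size; buf[]}."""
    # Sanity check of this example: never claim more bits than were supplied.
    if not 0 <= entropy_bits <= 8 * len(data):
        raise ValueError("cannot credit more bits than the buffer holds")
    return struct.pack("ii", entropy_bits, len(data)) + data


def entropy_avail() -> int:
    """Kernel's current entropy estimate, in bits."""
    with open(ENTROPY_AVAIL) as f:
        return int(f.read())


def mix_only(data: bytes) -> None:
    """Plain write: data is mixed into the pool, nothing is credited."""
    with open("/dev/urandom", "wb", buffering=0) as f:
        f.write(data)


def mix_and_credit(data: bytes, entropy_bits: int) -> None:
    """ioctl path: mixes data and credits entropy_bits; requires root."""
    fd = os.open("/dev/random", os.O_WRONLY)
    try:
        fcntl.ioctl(fd, RNDADDENTROPY, pack_rand_pool_info(data, entropy_bits))
    finally:
        os.close(fd)


if __name__ == "__main__":
    sample = os.urandom(32)  # constructed stand-in, carries no new entropy
    print("estimate before:", entropy_avail())
    mix_only(sample)
    print("estimate after plain write:", entropy_avail())
    try:
        mix_and_credit(sample, 0)  # credit 0 bits: the stand-in is not external
        print("RNDADDENTROPY accepted")
    except PermissionError:
        print("RNDADDENTROPY requires root")
```

The number passed as `entropy_bits` is a claim the kernel takes on trust, so it should reflect a conservative estimate of what the source actually delivers.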