On Thu, Oct 10, 2013 at 02:50:41PM +0100, Giles Coochey wrote:
> 1. The random number generator - As pfSense uses FreeBSD this may
> well be a FreeBSD specific question, however, are there any ways
> within pfsense that we can improve the entropy pool that the random
> number gets its randomness from? Has anyone had any experience of
> implementing an external entropy source (e.g.
> http://www.entropykey.co.uk/) in pfsense?

The ALIX has a Geode LX 800 with a hardware RNG, and mini-PCI slots which can be populated e.g. with a HiFn crypto accelerator which also has a hardware RNG. I would be interested to know what happens if you have two or more hardware RNGs in your system (can you bind these to different /dev/ devices?). There's also the problematic behaviour of hardware RNG overruling Yarrow, if present. I'd prefer that all hardware RNGs and other sources of physical entropy, if available, be mixed into a large-state PRNG, as many hardware RNGs are crappy, and most are unauditable.
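
Added example, not part of the original message and not pfSense or FreeBSD code: a simplified hash-based pool (not Yarrow) showing why folding every source into one state tolerates a failed hardware RNG, while handing one RNG's output straight to consumers does not. The class, function names and the stuck-RNG source are constructed for illustration.

```python
import hashlib
import os


class MixingPool:
    """Simplified hash-based pool; illustrative only, not Yarrow."""

    def __init__(self):
        self._state = bytes(32)
        self._reads = 0

    def add(self, source_id, sample):
        # Tag each sample with its source and length so inputs cannot alias.
        h = hashlib.sha256(self._state)
        h.update(bytes([source_id]) + len(sample).to_bytes(4, "big") + sample)
        self._state = h.digest()

    def read(self, n):
        out = b""
        while len(out) < n:
            self._reads += 1
            block = self._state + self._reads.to_bytes(8, "big")
            out += hashlib.sha256(b"out" + block).digest()
        # Ratchet the state so old output cannot be recomputed from it later.
        self._state = hashlib.sha256(b"next" + self._state).digest()
        return out[:n]


def stuck_hwrng(n):
    # Constructed failure: a hardware RNG that returns a constant pattern.
    return b"\xaa" * n


def healthy_source(n):
    # Stand-in (assumption) for a second, working entropy source.
    return os.urandom(n)


def direct(hwrng, n=16):
    # Design where one hardware RNG feeds consumers with no mixing.
    return hwrng(n)


def mixed(sources, n=16):
    # Design where every available source is folded into one pool.
    pool = MixingPool()
    for source_id, source in enumerate(sources):
        pool.add(source_id, source(32))
    return pool.read(n)
```

A pool fed only by the stuck source still produces repeatable output: mixing preserves whatever entropy the inputs carry, it does not create any.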