While on the subject of random number generation, I would like to plug the "frandom" package (+kernel module), as it has been very useful to me. It is available in NixOS through the use of services.frandom.enable = true.
It uses the kernel random device but provides an extremely fast /dev/frandom to use from userspace (20x speedup compared to /dev/urandom on my system). This makes it the perfect source for filling up disks before putting some full-disk-encryption on top of. Failing to do so will make a disk vulnerable to forensic analysis, as untouched/empty spots "shine through", but filling a 3TB disk with /dev/urandom just takes the fun out of your newly-bought disk as it will take more than 3 days. frandom will do so in a matter of hours (for non-SSD disks, disk write speed will be the bottleneck, making a wipe essentially as fast as dd'ing with /dev/zero).

I understand rngd is about the opposite functionality (getting random into the kernel instead of out), so this was probably a bit off-topic ;)

On Thu, Nov 29, 2012 at 1:08 AM, Peter Simons <[email protected]> wrote:

> Hi Shea,
>
> > If your cpu doesn't support RdRand and you don't have either of those
> > devices, rngd won't get triggered to start (and if it did, it would
> > fail on startup).
>
> ah, I see. I didn't know about the RdRand CPU instruction. Thank you for
> the explanation.
>
> Take care,
> Peter
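The message above says that untouched regions "shine through" when a disk is not filled before encryption is layered on top. The following is an added example, not part of the original message or of the frandom package, that checks a fill by scanning an image or device in fixed-size blocks and reporting runs that still hold only zero bytes. The function names, the 4096-byte block size and the sample image are assumptions made for illustration.

```python
import io
import os

BLOCK = 4096  # assumed block size; pick the device's sector or filesystem block size


def unwritten_runs(stream, block=BLOCK):
    """Return [(offset, length)] for every run of all-zero blocks in stream."""
    stream.seek(0)
    runs, start, offset = [], None, 0
    while True:
        chunk = stream.read(block)
        if not chunk:
            break
        if chunk.count(0) == len(chunk):      # block contains only 0x00 bytes
            if start is None:
                start = offset                # a new untouched run begins here
        elif start is not None:
            runs.append((start, offset - start))
            start = None
        offset += len(chunk)
    if start is not None:                     # run extends to the end of the stream
        runs.append((start, offset - start))
    return runs


def unwritten_fraction(stream, block=BLOCK):
    """Fraction of the stream that lies inside all-zero runs."""
    runs = unwritten_runs(stream, block)
    total = stream.seek(0, io.SEEK_END)
    return sum(length for _, length in runs) / total if total else 0.0


def sample_image():
    # Constructed sample: 8 blocks, as if a random fill was interrupted twice.
    filled = lambda n: os.urandom(n * BLOCK)
    empty = lambda n: bytes(n * BLOCK)
    return io.BytesIO(filled(2) + empty(3) + filled(1) + empty(2))


if __name__ == "__main__":
    img = sample_image()
    for off, length in unwritten_runs(img):
        print(f"untouched: offset={off} length={length}")
    print(f"unwritten fraction: {unwritten_fraction(img):.3f}")
```

To check a real device or image, open it read-only in binary mode and pass the file object to `unwritten_runs`; a completed random fill should return an empty list.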
