Hi, following up on your quote from Jack Lloyd:

> The problem of gathering large amounts of entropy on a system without a
> kernel provided/protected PRNG and a local attacker is not a satisfactorily
> solved one to my knowledge.

I'll note that the system I'm seeing these messages from has both /dev/urandom and /dev/random, and I'm monitoring the estimated entropy in the /dev/random pool, and it sits comfortably at 4096 bits most of the time, ref. the attached graph.

> Also, if earlier polls (eg /dev/random or EGD) succeed, then we
> will never query these sources at all, as spawning off all
> these processes is quite slow, so we avoid it except in cases
> where it is necessary due to lack of other options.

Ref. above, I'm still seeing these messages, indicating that either the Botan library didn't get the required bits from /dev/random or /dev/urandom (which should in itself be an inexhaustible source of pseudo-random bits), or this statement isn't quite correct for the version I'm using.

My botan package is version 1.8.14 (which could possibly stand an update to at least something 1.10ish).

Regards,
- Håvard
<<inline: entropy-day.png>>
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
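The message above graphs the kernel's estimate of the /dev/random pool. As an added example (not code from the poster, the Botan project or OpenDNSSEC), the script below reads the two standard Linux counters, /proc/sys/kernel/random/entropy_avail and /proc/sys/kernel/random/poolsize, and reports the fill ratio; the 25 % low-water mark is an assumption chosen for illustration, not a kernel setting. Older kernels report a 4096-bit pool as in the message; recent kernels report a 256-bit pool, so the ratio is the comparable figure across versions.

```python
"""Report the Linux kernel's entropy-pool estimate.

Added example, not part of the original post or of Botan/OpenDNSSEC.
Paths are the standard Linux /proc counters; the low-water threshold is an
assumption for this example (the kernel has no such threshold itself).
"""
from pathlib import Path
from typing import Optional

ENTROPY_AVAIL = Path("/proc/sys/kernel/random/entropy_avail")
POOLSIZE = Path("/proc/sys/kernel/random/poolsize")


def pool_status(avail_text: str, poolsize_text: str,
                low_water_pct: float = 25.0) -> dict:
    """Interpret the raw file contents (both decimal integers, in bits).

    Returns available bits, pool size, fill percentage and whether the pool is
    below the chosen low-water mark.  Rejects inconsistent readings so that a
    corrupted or truncated read is not silently reported as "healthy".
    """
    avail = int(avail_text.strip())
    size = int(poolsize_text.strip())
    if size <= 0:
        raise ValueError("poolsize must be positive")
    if not 0 <= avail <= size:
        raise ValueError("entropy_avail outside 0..poolsize")
    pct = 100.0 * avail / size
    return {
        "available_bits": avail,
        "pool_bits": size,
        "percent": pct,
        "low": pct < low_water_pct,
    }


def read_pool_status(low_water_pct: float = 25.0) -> Optional[dict]:
    """Read the live counters; None when they do not exist (non-Linux host)."""
    if not (ENTROPY_AVAIL.exists() and POOLSIZE.exists()):
        return None
    return pool_status(ENTROPY_AVAIL.read_text(),
                       POOLSIZE.read_text(), low_water_pct)


if __name__ == "__main__":
    status = read_pool_status()
    if status is None:
        print("no /proc entropy counters on this system")
    else:
        print("entropy pool: {available_bits}/{pool_bits} bits "
              "({percent:.1f}%){flag}".format(
                  flag=" LOW" if status["low"] else "", **status))
```

Run it periodically (cron or a monitoring agent) and plot the percentage rather than the raw bit count, which is what makes the graph comparable between a 4096-bit and a 256-bit kernel pool. A reading that stays near 100 % while an application still reports an entropy shortfall points at the application's own polling logic rather than at the kernel, which is the distinction the message is trying to draw.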
