Re: what hardware entropy usb key equivalent Simtec entropy key take ?
Il 25/05/2014 20:57, tux.tsn...@free.fr ha scritto: > As you know it is not more possible to buy a Simtec entropy usb key since > many years, so my question what hardware entropy usb key do you recommend now > to replace it (not too expensive) ? > PS: need to be compatible with GNU Linux / Debian You could use gnuk (includes 'quite' secure openpgp card), or only its TRNG NeUg: http://www.fsij.org/gnuk/neug_version1_0 Readily available on seeedstudio (pre-programmed with gnuk, if you only want NeUg you need to flash it yourself). Hope it helps. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what hardware entropy usb key equivalent Simtec entropy key take ?
http://ubld.it/products/truerng-hardware-random-number-generator/ seems to be the closest I've seen in regards to a "USB stick" form factor and price. It doesn't use the ekeyd daemon for adding entropy to the pool, but rather shows up as a virtual serial port and one can use rngd to feed that data into the kernel pool. I have no personal experience with that product, but it would seem that even if the entropy source was compromised in some way, that would not be a major issue -- rngd does tests to detect biasing (which admittedly won't catch more subtle manipulation) and /dev/random would stir the pool with entropy from various sources, so it can only help. While not a direct, drop-in replacement for the Entropy Key, I found that a Raspberry Pi and it's internal hardware random number generator makes a good source. The internal HWRNG in the Pi is extremely fast (>700kbps). I've not personally setup a Pi to share entropy over the network, but I'd imagine this is something that could be reasonably done. I only have the HWRNG generating entropy for local use. Anyone have experience with a network setup? In regards to getting the Pi's HWRNG setup, http://vk5tu.livejournal.com/43059.html has all the details. It's basically three steps: 1. Add "bcm2708_rng" to /etc/modules, then run "modprobe bcm2708_rng" to activate the module. 2. Install the rng-tools package. 3. Edit /etc/defaults/rng-tools to access the HWRNG and feed the kernel pool. My /etc/defaults/rng-tools file looks a bit different than that of the previously-mentioned website. Here's the relevant lines from my file: ### #Specify the HWRNG device HRNGDEVICE=/dev/hwrng # Check the kernel entropy pool once per second, and add HW-generated entropy if it drops below 90%. # You can change these values to whatever you feel would work best for you. RNGDOPTIONS="--fill-watermark=90% --feed-interval=1" ### Please note this assumes that the HWRNG has not been subverted, broken, or doing something unexpected. I hope this helps. Cheers! -Pete On Sun, May 25, 2014 at 8:57 PM, wrote: > Hello alls, > > As you know it is not more possible to buy a Simtec entropy usb key since > many years, so my question what hardware entropy usb key do you recommend now > to replace it (not too expensive) ? > > PS: need to be compatible with GNU Linux / Debian > > Thanks in advanced for your return. > > Best Regards > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Pete Stephenson ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
what hardware entropy usb key equivalent Simtec entropy key take ?
Hello alls, As you know it is not more possible to buy a Simtec entropy usb key since many years, so my question what hardware entropy usb key do you recommend now to replace it (not too expensive) ? PS: need to be compatible with GNU Linux / Debian Thanks in advanced for your return. Best Regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Hotplate
While this is definitely, definitely, definitely off topic. I, for one, am looking forward to the absolute demise of java. http://zerovm.org and NaCL in general. LLVM -> .p(ortable)exe -> exe in sandbox. The LLVM revolution is coming!! ;-P -tim ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG's vulnerability to brute force
On Sat, May 17, 2014 at 10:51:40AM +0200, Peter Lebbing wrote: > You can't object to scientific theories on the basis that you did not > study them properly. It might have a bit of a Socratic feel to it, but > it quite falls short of the real thing. Just for the record: I do not feel like I ever objected to a scientific theory on the basis I did not study it properly. I merely object*ed* to Robert's interpretation of them, stating that my objections might be invalid due to my incomplete study of the underlying theories (which turned out to be the case). Thanks for the discussion, Leo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hotplate
Over this Memorial Day weekend I've got two major priorities -- one is to add something to the FAQ regarding certificate generation, and the other is to force myself to learn JavaFX [1]. Anyway. I figured to use recent heated -- pardon the pun -- discussions on this list as fodder for a small excursion into JavaFX, and Hotplate is the result. It's a small app that will let you toy around with different numbers and see how they, the Landauer bound, and the Margolus-Levitin limit, affect the time and heat required to brute-force a 128-bit cipher. If you're interested in looking at it, the very first thing you should do is visit http://java.com to get the latest version of the Java virtual machine. Once that's taken care of, you have two choices: 1. Hit http://sixdemonbag.org/Hotplate.jnlp and launch the application through Java Web Start. [2] 2. Download it from http://sixdemonbag.org/Hotplate.jar and double-click to execute. The application is signed in accordance with Java's normal practices. If you get a warning about an invalid signature, don't run it. If you don't trust Java's signing process, you can download a GnuPG-generated clearsig from http://sixdemonbag.org/Hotplate.jar.asc . Full source code is included inside the jarfile, and the entire thing is contributed to the public domain. Enjoy. [1] Not that I'm particularly keen on it, mind you, but the first question hiring managers ask in the DC metro area is, "Are you up with the latest Java technologies?" It pays to learn it just so you can get hired for a job where you'll never use it. [2] Probably the simplest, but not exactly recommended. Java Web Start is a pretty effective malware vector. But if you've got it installed already, well... signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users