> Hmm, since it IS critical that the ssh and VPN keys of a new system be
> very good, you could do something like run "bonnie++" on one of the new
> partitions, until you get enough entropy from block I/O completions.
...
> That said, there are still cases where network traffic _has_ to be enough
> for /dev/random, given that some firewalls (e.g. LRP) can run from only
> ramdisk, so have no other source of entropy than the network traffic.
It's a while since I looked, but I /thought/ entropy only came from
IDE (not for instance from SCSI, and certainly not when everything
is sitting in cache). I have a reasonably active mailserver (SCSI,
no k/b, no mouse, lots of RAM) which doesn't have enough entropy
to cope with SSL/TLS gracefully without relying on the network
traffic (i.e. behaves like it is ramdisk only).
-- Alex Bligh - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:17 EST