On entropy and randomness
On entropy and randomness
Posted Dec 14, 2007 15:24 UTC (Fri) by adamgundy (subscriber, #5418)In reply to: On entropy and randomness by cpeterso
Parent article: On entropy and randomness
yeah, we've seen those. the problem is that we intentionally try to stick with the distrib kernel so we don't end up recompiling kernels every time there's a new security patch... the alternatives are to compile our own cyrus with the magic flag telling it to use /dev/urandom (same problem as above, plus we'd have to recompile apache, openvpn, ...), or hack on udev to make it create a /dev/random which is actually /dev/urandom... couldn't convince udev to do that reliably though. rngd seems to do the trick as a userspace workaround. it's main purpose is supposed to be pulling entropy from hardware addons, but it seems to be pretty common to use it the way we do too.
Posted Dec 14, 2007 20:18 UTC (Fri)
by nix (subscriber, #2304)
[Link] (1 responses)
Posted Dec 14, 2007 21:34 UTC (Fri)
by adamgundy (subscriber, #5418)
[Link]
On entropy and randomness
KERNEL=="urandom", NAME="random"
(or SYMLINK, if you prefer)
should do the trick, I'd expect.
On entropy and randomness
pretty sure we tried something like that.. sometimes it would work, sometimes not (timing?)
I forget exactly the issue with udev, we just couldn't convince it to do what we wanted and
rngd worked out of the box.