[talk] [nycbug-talk] FreeBSD abandoning hardware randomness

Isaac (.ike) Levy ike at blackskyresearch.net
Sun Nov 2 23:37:13 EST 2014


On Sun, 02 Nov 2014 23:12:00 -0500
Brian Callahan <bcallah at devio.us> wrote:

> 
> On 11/02/14 21:13, Isaac (.ike) Levy wrote:
> > On Sun, 2 Nov 2014 20:34:34 -0500
> >
> >> TrueRNG – Hardware Random Number Generator USB
> >> http://ubld.it/products/truerng-hardware-random-number-generator/
> >>
> >> I'm excited to see this, what do people think?  $47 feels a bit
> >> high though...
> >>
> >> Rocket-
> >> .ike
> > And, as I continued looking for info online, came across another:
> >
> > "OneRNG" - totally open spec,
> > http://moonbaseotago.com/onerng/
> >
> 
> Hmm... a couple things come to mind:
> First, TrueRNG seems to be a black box. So that's pretty much a
> non-starter.

Hrm.  I think I agree with you there- since the point is to do better
with this problem than software, (a lot better), it could be argued to
be a particularly un-kosher place for blackbox hardware.

> 
> Looks like OneRNG is only for Linux (atm); it requires udev to talk
> to the kernel... someone would need to write the necessary software.

Interesting...

> 
> But I'm not sure the problems these devices are trying to solve are
> problems for the BSDs, at least OpenBSD.

;) I can see where that line of reasoning goes.

Yet, I'd say we can *always* use better HW entropy sources,
(particularly ones which are cheap and replaceable if they are
compromised- like these USB sticks).

Where can my headless, microphone-less head-less servers get their
entropy?  What if I even disabled entropy seeding/harvesting in the NIC
because it doesn't really do any good with my app/use?

If you know a good way out of these issues without hardware interfaces
to the "real and random" world, I'm all ears!

> 
> ~Brian

Rocket-
.ike



