[talk] [nycbug-talk] FreeBSD abandoning hardware randomness
Isaac (.ike) Levy
ike at blackskyresearch.net
Sun Nov 2 23:37:13 EST 2014
On Sun, 02 Nov 2014 23:12:00 -0500
Brian Callahan <bcallah at devio.us> wrote:
>
> On 11/02/14 21:13, Isaac (.ike) Levy wrote:
> > On Sun, 2 Nov 2014 20:34:34 -0500
> >
> >> TrueRNG – Hardware Random Number Generator USB
> >> http://ubld.it/products/truerng-hardware-random-number-generator/
> >>
> >> I'm excited to see this, what do people think? $47 feels a bit
> >> high though...
> >>
> >> Rocket-
> >> .ike
> > And, as I continued looking for info online, came across another:
> >
> > "OneRNG" - totally open spec,
> > http://moonbaseotago.com/onerng/
> >
>
> Hmm... a couple things come to mind:
> First, TrueRNG seems to be a black box. So that's pretty much a
> non-starter.
Hrm. I think I agree with you there- since the point is to do better
with this problem than software, (a lot better), it could be argued to
be a particularly un-kosher place for blackbox hardware.
>
> Looks like OneRNG is only for Linux (atm); it requires udev to talk
> to the kernel... someone would need to write the necessary software.
Interesting...
>
> But I'm not sure the problems these devices are trying to solve are
> problems for the BSDs, at least OpenBSD.
;) I can see where that line of reasoning goes.
Yet, I'd say we can *always* use better HW entropy sources,
(particularly ones which are cheap and replaceable if they are
compromised- like these USB sticks).
Where can my headless, microphone-less head-less servers get their
entropy? What if I even disabled entropy seeding/harvesting in the NIC
because it doesn't really do any good with my app/use?
If you know a good way out of these issues without hardware interfaces
to the "real and random" world, I'm all ears!
>
> ~Brian
Rocket-
.ike