On 09/07/2014 10:25 AM, Edward Ned Harvey (blu) wrote:
> Also, shutdown into BIOS, and make sure your TPM is enabled. Even if 
> you use it for nothing, it is a hardware entropy source that the 
> kernel can source from. 

As I said, urandom driver details change, but last I looked the Intel 
RNG is only XOR-ed into the urandom driver's output. It can't hurt--even 
if the NSA knows every bit it ever outputs--and it might help (maybe the 
NSA slips some in tracking your RNG hardware's state).

But it won't help you with your entropy accounting, it is not credited 
to the pool. Actually, I think the detail of how they use Intel's RNG 
changed, but it isn't being trusted. It is only a can't-hurt extra in 
the mix.

(When the Snowden stuff came down, Ted Ts'o, the original and recent 
urandom guy, was very relieved that, despite pressure, he didn't accept 
Intel's RNG output on faith.)
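The XOR mixing described in the reply above, as an added simulation that is not from the post or from the Linux kernel source: seeded PRNG byte streams stand in for the pool output and for the hardware RNG (constructed data, not real RNG output), and the empirical min-entropy of the mixed output illustrates the "can't hurt, might help" argument together with the one condition it rests on, that the hardware input does not depend on the pool output it is mixed with.

```python
import math
import random
from collections import Counter

N = 65536  # constructed sample size, bytes per stream


def xor_mix(pool: bytes, hw: bytes) -> bytes:
    """Mix hardware-RNG bytes into pool output by XOR, byte for byte.
    As the post describes, the hw bytes change the output but earn the
    pool no entropy credit, so entropy accounting is unaffected."""
    assert len(pool) == len(hw)
    return bytes(p ^ h for p, h in zip(pool, hw))


def byte_min_entropy(data: bytes) -> float:
    """Empirical min-entropy per byte: -log2 of the most frequent byte's share.
    0.0 means one value dominates (constant stream); ~8.0 means near-uniform."""
    top = Counter(data).most_common(1)[0][1]
    return -math.log2(top / len(data))


def stream(seed: int, n: int, values: int = 256) -> bytes:
    """Reproducible stand-in stream (seeded PRNG, not a real RNG) drawing
    uniformly from the first `values` byte values; values=4 is a 2-bit source."""
    rng = random.Random(seed)
    return bytes(rng.randrange(values) for _ in range(n))


def run_scenarios(n: int = N) -> dict:
    """Return {scenario: (H_pool, H_hw, H_out)} in min-entropy bits per byte."""
    good_pool = stream(2014, n)
    weak_pool = stream(2014, n, values=4)  # a pool that has run low on entropy
    good_hw = stream(1, n)                 # hw stream the adversary can replay
    scenarios = {
        "weak_pool_good_hw":  (weak_pool, good_hw),      # "it might help"
        "good_pool_const_hw": (good_pool, bytes(n)),     # hw emits only zeros
        "good_pool_known_hw": (good_pool, good_hw),      # "it can't hurt"
        "hw_tracks_pool":     (good_pool, good_pool),    # hw depends on pool
    }
    return {name: (byte_min_entropy(p), byte_min_entropy(h),
                   byte_min_entropy(xor_mix(p, h)))
            for name, (p, h) in scenarios.items()}


if __name__ == "__main__":
    for name, (hp, hh, ho) in run_scenarios().items():
        print(f"{name:20s} pool {hp:.2f}  hw {hh:.2f}  mixed {ho:.2f} bits/byte")
```

The last scenario is the case the independence assumption rules out: a hardware input equal to the pool output cancels it entirely, which is why mixing order and non-dependence matter as much as the XOR itself.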


