[Discuss] How do I add entropy?
Kent Borg
kentborg at borg.org
Sun Sep 7 14:09:59 EDT 2014
On 09/07/2014 10:25 AM, Edward Ned Harvey (blu) wrote:
> Also, shutdown into BIOS, and make sure your TPM is enabled. Even if
> you use it for nothing, it is a hardware entropy source that the
> kernel can source from.
As I said, urandom driver details change, but last I looked the Intel
RNG is only Xor-ed into the urandom driver's output. It can't hurt--even
if the NSA knows every bit it ever outputs--and it might help (maybe the
NSA slips some in tracking your RNG hardware's state).
But it won't help you with your entropy accounting, it is not credited
to the pool. Actually, I think the detail of how they use Intel's RNG
changed, but it isn't being trusted. It is only a can't-hurt extra in
the mix.
(When the Snowden stuff came down, Ted T'so, the original and recent
urandom guy, was very relieved that, despite pressure, he didn't accept
Intel's RNG output on faith.)
-kb
More information about the Discuss
mailing list