[Soekris] 4801, Linux, and entropy

steve davidson steve.m.davidson at gmail.com
Tue Oct 18 19:05:01 UTC 2005


I wanted to poll the group to see if anyone has any suggestions for
working around the lack of entropy on the 4801 for security
applications.  This is a common problem among embedded devices - the
common entropy devices used by *nix (keyboard, mouse, HDD, etc) simply
are not present on these appliances.  VIA has provided a nice solution
to this problem in their Eden-N line - the CPU itself has a hardware
entropy pool generated by electrical noise.

I'm using Linux on my 4801s and switching to BSD is not an option at
this point.  As you probably know, /dev/random is a blocking entropy
pool - it will return values as long as they are present, but will
block when the pool is exhausted.  Net result - trying to generate a
key (say, a PGP keypair) will hang, as the entropy pool is quickly
used up.  Using /dev/urandom instead is a workaround - it is a pretty
solid software RNG, but is *theoretically* possible to crack (security
wonks would consider using /dev/urandom as an entropy source to be a
Very Bad Idea).

Not wanting to get into any hardcore security conversations on this
board - it's not the right forum for such discussions - but would like
to hear any suggestions that folks might have for addressing this
issue.

Thanks in advance,

Steve
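As an added illustration (not part of Steve's post or any Soekris code), a small Linux C program that reads the kernel's entropy credit and pulls bytes from /dev/random with a bounded wait, so a key-generation step reports starvation instead of hanging the way the post describes; the /proc and /dev paths are the standard kernel interfaces, and the 2 s budget is an arbitrary choice.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Entropy bits the kernel credits to its pool, or -1 if the /proc entry is unreadable. */
int entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    int bits = -1;
    if (f == NULL) return -1;
    if (fscanf(f, "%d", &bits) != 1) bits = -1;
    fclose(f);
    return bits;
}

static int elapsed_ms(const struct timespec *t0)
{
    struct timespec now;
    clock_gettime(CLOCK_MONOTONIC, &now);
    return (int)((now.tv_sec - t0->tv_sec) * 1000 + (now.tv_nsec - t0->tv_nsec) / 1000000);
}

/* Read up to n bytes from /dev/random without hanging: the fd is non-blocking
 * and poll() bounds the total wait to timeout_ms. Returns bytes obtained
 * (fewer than n means the pool ran dry, where a plain read would stall), or -1. */
int read_random_timeout(unsigned char *buf, size_t n, int timeout_ms)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    struct timespec t0;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r > 0) { got += (size_t)r; continue; }
        if (r < 0 && errno != EAGAIN && errno != EINTR) { close(fd); return -1; }
        /* Pool exhausted (EAGAIN): wait for readability, but only for the remaining budget. */
        int remaining = timeout_ms - elapsed_ms(&t0);
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (remaining <= 0 || poll(&p, 1, remaining) <= 0)
            break;
    }
    close(fd);
    return (int)got;
}
```

On a box like the 4801 this shows the pool draining as a key is generated; on kernels from 5.6 onward /dev/random stops blocking once the pool is initialised at boot, so the short read only appears on older kernels of the post's era.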
