[Soekris] 4801, Linux, and entropy
Jim Thompson
jim at netgate.com
Tue Oct 18 21:13:58 UTC 2005
On Oct 18, 2005, at 9:05 AM, steve davidson wrote:
> I wanted to poll the group to see if anyone has any suggestions for
> working around the lack of entropy on the 4801 for security
> applications. This is a common problem among embedded devices - the
> common entropy devices used by *nix (keyboard, mouse, HDD, etc) simply
> are not present on these appliances. Via has provided a nice solution
> to this problem in their Eden-N line - the CPU itself has a hardware
> entropy pool generated by electrical noise.
Its not just "Eden-N" that has Padlock. Several of the more recent
C3 CPUs have it too.
> I'm using Linux on my 4801s and switching to BSD is not an option at
> this point. As you probably know, /dev/random is a blocking entropy
> pool - it will return values as long as they are present, but will
> block when the pool is exhausted. Net result - trying to generate a
> key (say, a PGP keypair) will hang, as the entropy pool is quickly
> used up. Using /dev/urandom instead is a workaround - it is a pretty
> solid software RNG, but is *theoretically* possible to crack (security
> wonks would consider using /dev/urandom as an entropy source to be a
> Very Bad Idea).
There are recent patches to the 2.6 kernel line that implement
Ferguson's Fortuna
http://en.wikipedia.org/wiki/Fortuna_(PRNG)
http://www.ussg.iu.edu/hypermail/linux/kernel/0409.3/1340.html
http://lkml.org/lkml/2004/10/1/77
More information about the Soekris-tech
mailing list