nanog mailing list archives

Re: best way to create entropy?


From: shawn wilson <ag4ve.us () gmail com>
Date: Sun, 14 Oct 2012 05:43:53 +0000

again, to add some input to my own question - i happened to be
compiling openssh and found this in the install doc:

NB. If your operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
/dev/random, or failing that, either prngd or egd

PRNGD:

If your system lacks kernel-based random collection, the use of Lutz
Jaenicke's PRNGd is recommended.

http://prngd.sourceforge.net/

EGD:

The Entropy Gathering Daemon (EGD) is supported if you have a system which
lacks /dev/random and don't want to use OpenSSH's internal entropy collection.

http://www.lothar.com/tech/crypto/



hopefully i'll find the time to figure out what is different about
"OpenSSH's internal entropy collection", the above systems, and
haveged.


On Sat, Oct 13, 2012 at 10:11 PM, Jasper Wallace <jasper () pointless net> wrote:
On Thu, 11 Oct 2012, Dan White wrote:

On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us () gmail com> wrote:
in the past, i've done many different things to create entropy -
encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a
kernel. but, what is best? just whatever gets your cpu to peak or are
some tasks better than others?

Personally, I've used and recommend this USB stick:
http://www.entropykey.co.uk/

Internally, it uses diodes that are reverse-biased just ever so close
to the breakdown voltage such that they randomly flip state back and
forth.

+1.

and with ekeyd-egd-linux you can distribute the entropy from an entropykey
over the net - great for giving VMs some randomness.

--
[http://pointless.net/]                                   [0x2ECA0975]
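
An added example, not part of the thread or of OpenSSH, egd or prngd: a minimal client for the EGD socket protocol that the quoted INSTALL text and ekeyd-egd-linux rely on, showing that a consumer must handle short replies and fail rather than accept a short seed. The command bytes (0x00 query level, 0x01 non-blocking read) follow the EGD protocol, which the thread itself does not spell out; `fake_egd`, `demo` and the sample pool are constructed for illustration.

```python
import socket
import struct
import threading

EGD_LEVEL = 0x00  # reply: 4-byte big-endian count of entropy bits in the pool
EGD_READ = 0x01   # request: cmd + n (1..255); reply: count k <= n, then k bytes

def _recv_exact(sock, n):
    """Read exactly n bytes; raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the connection")
        buf += chunk
    return buf

def egd_entropy_bits(sock):
    """Ask the daemon how many bits of entropy it currently holds."""
    sock.sendall(bytes([EGD_LEVEL]))
    return struct.unpack(">I", _recv_exact(sock, 4))[0]

def egd_read(sock, want):
    """Collect `want` bytes across short replies; fail instead of padding."""
    out = b""
    while len(out) < want:
        ask = min(255, want - len(out))
        sock.sendall(bytes([EGD_READ, ask]))
        got = _recv_exact(sock, 1)[0]
        if got == 0 or got > ask:
            raise RuntimeError("EGD pool empty or bad reply; no seed returned")
        out += _recv_exact(sock, got)
    return out

def fake_egd(sock, pool):
    """Constructed stand-in daemon: serves `pool`, at most 8 bytes per reply."""
    pool = bytearray(pool)
    while (cmd := sock.recv(1)):
        if cmd[0] == EGD_LEVEL:
            sock.sendall(struct.pack(">I", len(pool) * 8))
        elif cmd[0] == EGD_READ:
            n = min(_recv_exact(sock, 1)[0], len(pool), 8)
            sock.sendall(bytes([n]) + bytes(pool[:n]))
            del pool[:n]

def demo(pool, want):
    """Run one client session against the stand-in over a local socketpair."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_egd, args=(server, pool), daemon=True).start()
    try:
        return egd_entropy_bits(client), egd_read(client, want)
    finally:
        client.close()
```

Against a real daemon the client socket would be connected to the EGD/PRNGD socket path or TCP port configured on that host, which is an assumption about the local setup.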

