tech-crypto: Re: insufficient entropy for rnd

Subject: Re: insufficient entropy for rnd
To: None <tech-crypto@netbsd.org>
From: Matthias Scheler <tron@zhadum.de>
List: tech-crypto
Date: 08/17/2003 17:19:10

In article <20030811201900.5abe568f.rumi_ml@rtfm.hu>,
> Maybe Cyrus SASL (mine is 2.1.12 from pkgsrc) could be compiled
> to use /dev/urandom instead, but for me this sounds more like
> a workaround than a solution at least for a crypto purpose.

If good random generation is important for your server try to get a
motherboard with an Intel 8xx chipset (for Pentium III or IV) which
has Intel's firmware hub (ASUS motherboards don't have one, Intel
motherboards of course do). It'll provide you with a hardware RNG
which is supported by NetBSD:

pchb0: Intel 82865 Host (rev. 0x02)
pchb0: random number generator enabled

tron@lyssa:~tron#rndctl -l
Source                 Bits Type      Flags
sd3                       0 disk estimate, collect
sd2                       0 disk estimate, collect
sd1                       0 disk estimate, collect
sd0                       0 disk estimate, collect
fd0                       0 disk estimate, collect
cd1                       0 disk estimate, collect
cd0                       0 disk estimate, collect
wd1                  101371 disk estimate, collect
wd0                   45886 disk estimate, collect
wm0                       0 net  
pchb0              28911104 rng  collect
pms0                 384123 tty  estimate, collect
pckbd0                72510 tty  estimate, collect

	Kind regads

-- 
Matthias Scheler                                  http://scheler.de/~matthias/