:: Re: [DNG] WAIT_ONLINE_METHOD=none
Startseite
Nachricht löschen
Nachricht beantworten
Autor: wirelessduck
Datum:  
To: Didier Kryn
CC: dng
Betreff: Re: [DNG] WAIT_ONLINE_METHOD=none


> On 18 Feb 2019, at 21:50, Didier Kryn <kryn@???> wrote:
>
>> Le 17/02/2019 à 17:29, Mike Tubby a écrit :
>> If you install 'haveged' package /dev/random and /dev/urandom should (a) be better quality and (b) programs that need chunks of random data such as SSL on start-up should come up more quickly, i.e. not block waiting
>
>
>     Looks kije a great suggestion. I'd never heared of it.

>
>     Shouldn't this package be recommended, or at least suggested, by things like openssl and openssh ?


The quality of entropy from haveged is not guaranteed.

https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines

https://lwn.net/Articles/525459/

Maybe rng tools might be a better option if you are low on entropy? I don’t claim to be an expert on security or crypto though.

https://wiki.archlinux.org/index.php/Rng-tools

—Tom