archlinux-keyring & entropy
On Tue, 17 Apr 2012 11:37:29 +0200
Karol Blazewicz wrote:
> seems to hang forever unless you run 'updtedb' or something so the
> entropy problem should be covered, as suggested in .
Maybe something like haveged would fix that but the OpenBSD devs
weren't that impressed with it.
> I was looking at this entropy gatherer (havege) and was wondering if
> OpenBSD uses any similar techniques?
Broadly speaking, yes.
"HAVEGE combines on-the-fly hardware volatile entropy gathering with
pseudo-random number generation."
This is the way all practical random number generators now work,
including OpenBSD's kernel one, Yarrow as implemented e.g. by
FreeBSD, or even Intel's on-chip Bull Mountain.
I don't want to sound too disparaging of the HAVEGE people, but
once you cut through the bluster, what remains is that they use the
processor cycle counter as their sole source of entropy, which they
then feed into their own deterministic pseudo-random number generator.
I suspect their choice of entropy source will not find general
approval *cough, cough*, and rather than designing your own PRNG
to stretch the randomness, you can do what OpenBSD and Intel did
and just use an off-the-shelf cryptographic stream cipher.