Posted by Bret Hughes on 01/18/05 21:20
On Tue, 2005-01-18 at 11:45, Vladas Shukevichus wrote:
> 18.01.2005 18:06:31
> Marek Kilimajer <lists@kilimajer.net> wrote in message
> <41ED3407.7040706@kilimajer.net>
>
> > M. Sokolewicz wrote:
> > > didn't you read what wez said? they're gathering entropy... you *can't*
> > > (and shouldn't want to) prevent that.
> > >
> >
> > Or get some good entropy source
>
> Can you explain this a bit? How can I do this?
>
Now you're getting back to the "there are only six people in the world
that understand encryption" deal :)
Entropy in these terms (as I understand it) is a source of randomness
used by OpenSSL. I believe /dev/random is the source for this on a
Linux system. Various system events cause random characters to be added
to the entropy pool that is then accessed via /dev/random. I ran into
this a couple of years ago setting up a freeswan link that was taking
forever (hours) to generate the keys. Turns out that since I was on a
headless SCSI system there was a severe lack of entropy. At the time,
IDE hard drive activity, mouse events and possibly keyboard activity
were the primary inputs into the pool. If your system needs a lot of
randomness there are various random number generators available.
Do some searching; cryptogeeks take their randomness very seriously. I
had no idea until I ran into this. The coolest one I found was a
lavalamp array that had a camera pointed at it and the output was
massaged to generate the random data. Last I heard, even this was being
debated as to whether it was random enough.
This is important enough that VIA puts a random number generator built
into the EPIA boards so appliances will have enough of an entropy pool
to quickly establish VPNs.
Have fun learning about it. I did.
Having said all this, you might try moving the server mouse around
immediately before and during the transaction to see if it's faster.
HTH
Bret
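
The entropy shortage described in the message above can be checked from the kernel's own counters under /proc and /sys. This is an added example, not part of the original post; the `LOW_WATER` threshold, the function names and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify a Linux host's
# entropy situation from the kernel's own counters.
# The optional ROOT argument points the check at a constructed directory
# tree for testing; the default "" reads the live /proc and /sys.

# Assumed threshold in bits for calling the pool "low"; tune per system.
LOW_WATER=${LOW_WATER:-256}

# Print the first line of file $1, or nothing if it cannot be read.
first_line() {
    line=""
    if [ -r "$1" ]; then
        IFS= read -r line < "$1" || true
    fi
    printf '%s' "$line"
}

# Print one of: unknown | ok | low-with-hwrng | low-no-hwrng
entropy_status() {
    root=${1:-}
    avail=$(first_line "$root/proc/sys/kernel/random/entropy_avail")
    hwrng=$(first_line "$root/sys/class/misc/hw_random/rng_current")

    # No counter, or not a plain number: cannot judge (e.g. non-Linux host).
    case $avail in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    if [ "$avail" -ge "$LOW_WATER" ]; then
        echo ok
    elif [ -n "$hwrng" ] && [ "$hwrng" != "none" ]; then
        # A hardware RNG is bound to the kernel but the pool is still low:
        # check that something (e.g. rngd) is feeding it into the pool.
        echo low-with-hwrng
    else
        # The headless-server case from the post: few input events and
        # no hardware generator to make up for them.
        echo low-no-hwrng
    fi
}

# Report for the live system when run as a script.
echo "entropy status: $(entropy_status)"
```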