suggestions for a hardware random number generator?

Marcus Morgan marcus at ufl.edu
Thu Sep 4 14:12:21 UTC 2008


It takes me about 85 minutes to generate a 1024 bit key for dnssec.
I'd like to install a random number generator to speed the process up.
Do you have any suggestions, recommendations or reviews that I might
consider?

thanks,
-Marcus

On Sat, Aug 30, 2008 at 8:17 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
>> On Sun, 31 Aug 2008 02:40:36 you wrote:
>> > > Hello all-
>> > >
>> > > The following command-
>> > >
>> > > /usr/local/sbin/dnssec-keygen -r /dev/random -f KSK -a RSASHA1 -b 1024 -n ZONE example.com
>> > >
>> > > stalls. The system is Slackware Linux 12.1 with kernel 2.6.23-11.
>> > >
>> > > Michael
>> >
>> >     You need to cause the kernel to gather entropy. The way to
>> >     do that is to make the kernel do work.
>> >
>> >     e.g.
>> >             ls -R /
>>
>> While this does increase the entropy to over 3,000, it still doesn't work
>> (and the entropy sinks within a few seconds anyway)
>
>        When generating large keys I just keep running "ls -R /" until the
>        key generation completes.  You can also use the keyboard.  Install
>        a hardware random number generator and configure the kernel to use
>        it (might require an OS change as I don't know if this is supported
>        under Linux).
>
>        Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>
>



-- 
Marcus Morgan
UF/OIT/CNS/NS/S
marcus at ufl.edu
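
Added example, not part of the original thread: a POSIX shell check, assuming a Linux host, that samples the kernel entropy estimate discussed in the quoted replies and reports whether the kernel has a hardware RNG driver registered. The function names and the PROC_RANDOM and HWRNG_SYSFS override variables are hypothetical; the default paths are the standard Linux procfs and sysfs locations.

```shell
#!/bin/sh
# Added example. Defaults are the standard Linux procfs/sysfs locations;
# the two override variables are hypothetical and exist only for testing.
PROC_RANDOM="${PROC_RANDOM:-/proc/sys/kernel/random}"
HWRNG_SYSFS="${HWRNG_SYSFS:-/sys/class/misc/hw_random}"

# Print the kernel's entropy estimate in bits, or "unknown" if unreadable.
entropy_avail() {
    if [ -r "$PROC_RANDOM/entropy_avail" ]; then
        cat "$PROC_RANDOM/entropy_avail" 2>/dev/null || echo unknown
    else
        echo unknown
    fi
}

# Print the lowest estimate seen over N samples taken INTERVAL seconds apart.
# One reading is only a snapshot: the thread notes the count sinks in seconds.
min_entropy() {
    n="$1"; interval="$2"; min=""
    while [ "$n" -gt 0 ]; do
        v=$(entropy_avail)
        case "$v" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
        if [ -z "$min" ] || [ "$v" -lt "$min" ]; then min="$v"; fi
        n=$((n - 1))
        if [ "$n" -gt 0 ]; then sleep "$interval"; fi
    done
    echo "$min"
}

# Compare the sampled minimum with the bits a caller expects to draw.
# Usage: pool_status NEEDED_BITS [SAMPLES] [INTERVAL]
pool_status() {
    low=$(min_entropy "${2:-3}" "${3:-1}")
    case "$low" in
        unknown) echo unknown ;;
        *) if [ "$low" -lt "$1" ]; then echo starved; else echo ok; fi ;;
    esac
}

# Print the hardware RNG driver the kernel is currently using, or "none".
hwrng_current() {
    cur=""
    if [ -r "$HWRNG_SYSFS/rng_current" ]; then
        cur=$(cat "$HWRNG_SYSFS/rng_current" 2>/dev/null) || cur=""
    fi
    echo "${cur:-none}"
}

echo "pool=$(pool_status 1024 1 0) hwrng=$(hwrng_current)"
```

A result of "starved" together with "none" matches the situation in the thread: a blocking read from /dev/random with no hardware source feeding the pool.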

