random-device purpose in DNSSEC
marka at isc.org
Thu May 10 21:57:40 UTC 2012
In message <CABUciR=m+B45dDZYV2J8z9+Ltvuy4rwH+Kp3e8NjyaHDpY-L7w at mail.gmail.com>, Alexander Gurvitz writes:
> Hello all.
> What is the random device used for?
> ARM says "Entropy is primarily needed for DNSSEC operations,
> such as ... dynamic update of signed zones". I don't get why signing a zone
> requires any randomness.
It doesn't for RSA. However DSA does require randomness.
> This bothers me as I'm implementing DNSSEC now, and I know that my systems
> are low on entropy, and BIND default random-device is /dev/random,
> and it (the device) blocks when there's no entropy available.
> Does BIND really need that entropy, and how much?
Yes, if you are using DSA.
> Alexander Gurvitz,
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
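
Added example, not part of the original thread and not BIND's code: a toy Python illustration of the distinction drawn in the reply above, where RSA signing reads nothing from the random source while every DSA signature draws a fresh nonce `k`. The tiny key parameters, the `CountingRNG` class and all function names are constructed for this sketch, and the RSA here is unpadded textbook RSA.

```python
import hashlib
import os

class CountingRNG:
    """Stand-in for a random device; counts every byte the signer reads."""
    def __init__(self):
        self.bytes_drawn = 0
    def randbelow(self, n):
        self.bytes_drawn += 2
        return int.from_bytes(os.urandom(2), "big") % n  # toy: slight bias

def digest(msg, modulus):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % modulus

# Constructed toy parameters, far too small for real use.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753      # n = 61 * 53
DSA_P, DSA_Q, DSA_G = 607, 101, 64        # q divides p - 1, g has order q
DSA_X = 57                                # private key (constructed)
DSA_Y = pow(DSA_G, DSA_X, DSA_P)          # public key

def rsa_sign(msg):
    # Deterministic: same key and message always give the same signature.
    return pow(digest(msg, RSA_N), RSA_D, RSA_N)

def rsa_verify(msg, sig):
    return pow(sig, RSA_E, RSA_N) == digest(msg, RSA_N)

def dsa_sign(msg, rng):
    h = digest(msg, DSA_Q)
    while True:
        k = 1 + rng.randbelow(DSA_Q - 1)  # fresh secret nonce per signature
        r = pow(DSA_G, k, DSA_P) % DSA_Q
        s = pow(k, -1, DSA_Q) * (h + DSA_X * r) % DSA_Q
        if r and s:                       # retry on the rare zero value
            return r, s

def dsa_verify(msg, sig):
    r, s = sig
    if not (0 < r < DSA_Q and 0 < s < DSA_Q):
        return False
    w = pow(s, -1, DSA_Q)
    u1, u2 = digest(msg, DSA_Q) * w % DSA_Q, r * w % DSA_Q
    return pow(DSA_G, u1, DSA_P) * pow(DSA_Y, u2, DSA_P) % DSA_P % DSA_Q == r

if __name__ == "__main__":
    rng, msg = CountingRNG(), b"www.example.test. 3600 IN A 192.0.2.1"
    print("RSA:", rsa_sign(msg), rsa_sign(msg), "bytes drawn:", rng.bytes_drawn)
    print("DSA:", dsa_sign(msg, rng), dsa_sign(msg, rng), "bytes drawn:", rng.bytes_drawn)
```
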