random-device purpose in DNSSEC

WBrown at e1b.org WBrown at e1b.org
Fri May 11 12:17:40 UTC 2012

Warren wrote on 05/10/2012 04:14:01 PM:

> Multiple options:
> 1: install haveged (http://www.irisa.fr/caps/projects/hipsor/) -- 
> this will provide you with much randomness [0].
> 2: buy a USB entropy widget (for example: http://www.entropykey.co.uk/)
> 3: See if there is a driver for your TPM -- many boxes have them, 
> and many provide good randomness.
> 4: NOT RECOMMENDED: use /dev/urandom (only for testing)

You forgot an option:

5:  "Patience, Grasshopper."  /dev/random will eventually fill and the 
crypto function will get enough data to complete.

Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.

More information about the bind-users mailing list