random-device purpose in DNSSEC

Alexander Gurvitz alex at net-me.net
Sun May 13 21:11:04 UTC 2012


On Fri, May 11, 2012 at 12:57 AM, Mark Andrews <marka at isc.org> wrote:
>
>
> > What is the random device used for?
> > ... I don't get why signing a zone requires any randomness.
>
> It doesn't for RSA.  However DSA does require randomness.
>
> > Does BIND really need that entropy, and how much?
>
> Yes, if you are using DSA.
>

Thanks Mark.

My personal conclusions are that as I'll be using RSA only,
I don't need to worry about the named.conf random device.
As for key generation, in case I need to generate keys frequently,
since it's a hosted-somewhere VPS, my only option is haveged.

Thanks all,
Alex
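
Added example, not part of the original thread and not BIND's code: textbook RSA and DSA signing side by side, showing the distinction Mark draws above. The RSA signature is a pure function of key and message, while every DSA signature consumes a fresh secret value k. All parameters and the key are constructed toy values (far too small to be secure, no padding), and the function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters, for illustration only.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753   # n = 61 * 53
DSA_P, DSA_Q, DSA_G = 607, 101, 64     # q divides p - 1; g = 2^((p-1)/q) mod p
DSA_X = 57                             # private key (constructed)
DSA_Y = pow(DSA_G, DSA_X, DSA_P)       # public key

def digest(msg: bytes, modulus: int) -> int:
    """SHA-256 of msg reduced into the toy group size."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % modulus

def rsa_sign(msg: bytes) -> int:
    # No random input anywhere: same key + same message = same signature.
    return pow(digest(msg, RSA_N), RSA_D, RSA_N)

def rsa_verify(msg: bytes, sig: int) -> bool:
    return pow(sig, RSA_E, RSA_N) == digest(msg, RSA_N)

def dsa_sign(msg: bytes) -> tuple:
    h = digest(msg, DSA_Q)
    while True:
        # This is the entropy consumer: a fresh secret k in [1, q-1]
        # must be drawn from a good random source for every signature.
        k = secrets.randbelow(DSA_Q - 1) + 1
        r = pow(DSA_G, k, DSA_P) % DSA_Q
        s = pow(k, -1, DSA_Q) * (h + DSA_X * r) % DSA_Q
        if r and s:                    # retry on the rare degenerate values
            return r, s

def dsa_verify(msg: bytes, sig: tuple) -> bool:
    r, s = sig
    if not (0 < r < DSA_Q and 0 < s < DSA_Q):
        return False
    w = pow(s, -1, DSA_Q)
    u1 = digest(msg, DSA_Q) * w % DSA_Q
    u2 = r * w % DSA_Q
    v = pow(DSA_G, u1, DSA_P) * pow(DSA_Y, u2, DSA_P) % DSA_P % DSA_Q
    return v == r

if __name__ == "__main__":
    rrset = b"example.com. 3600 IN A 192.0.2.1"   # constructed sample data
    print("RSA twice:", rsa_sign(rrset), rsa_sign(rrset))
    print("DSA twice:", dsa_sign(rrset), dsa_sign(rrset))
```

Signing the same data twice yields identical RSA signatures but (almost always) different DSA signatures, all of which verify; the quality of k is why a DSA signer needs a working random source at signing time, not only at key generation.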


