nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: comcast ipv6 PTR

From: Eugen Leitl <eugen () leitl org>
Date: Thu, 17 Oct 2013 11:45:52 +0200
On Thu, Oct 17, 2013 at 10:03:42AM +1100, Mark Andrews wrote:


Modern Intel CPU's provide hardware based random numbers.  It is
not like other cpu manufactures can't do the same thing.  This
doesn't increase the chip count or pcb real estate used.


Specifically Intel's RNG is inauditable. It should not be used
as a single source of entropy, but always mixed in with others,
unrelated sources of entropy.

There used to be an USB stick RNG called Entropykey, but that one
is currently unavailable.

A cheap/improvised, trusted way to get some physical entropy could be 
USB SDRs http://sdr.osmocom.org/trac/wiki/rtl-sdr 
especially if hooked up to an analog wideband white noise generator
http://www.maximintegrated.com/app-notes/index.mvp/id/3469
instead of just listening to the aether.

Never use entropy as is, mix it into a PRNG, use as many
entropy sources as you can. Packet timing (IRQs) can be
a source of entropy in a network device.
 

It's time CPE Router vendors did a re-think.
Previous By Date Next
Previous By Thread Next

Current thread: