On Sat, 24 Apr 2010 09:22:21 +0000
Andy Smith <andy(a)bitfolk.com> wrote:
> Hi Matt,
>
> On Sat, Apr 24, 2010 at 09:50:19AM +0100, Matt Holgate wrote:
> > Apologies in advance if these are stupid questions...
> >
> > 1) With previous VPS providers, I've found that I've had to
> > symlink /dev/random to /dev/urandom to avoid an issue where SSL/TLS
> > smtp connections would hang for a long time waiting for sufficient
> > entropy to set up the secure connection.
>
> I've been looking into this after a couple of people mentioned that
> they sometimes didn't have enough entropy.
>
> I've bought an entropy key (http://www.entropykey.co.uk/) and am
> planning to hook it up to the entropy-gathering daemon. People who
> are interested would then be able to run their own egd that talks to
> mine in order to obtain more entropy.
>
> This isn't a very high priority at the moment. I accidentally had
> the ekey plugged in to a machine that doesn't have USB enabled in
> the BIOS, so I need to visit the datacentre to sort that out, and I
> don't plan to do that until I have a new server ready to install in
> a couple of weeks. But I am working on it.
>
> I've started graphing available entropy to see what difference it
> will make, if any.
>
> Typical VMs:
>
> http://tools.bitfolk.com/cacti/graph_1847.html
> http://tools.bitfolk.com/cacti/graph_1863.html
> http://tools.bitfolk.com/cacti/graph_1900.html
>
> I'll see how/if the ekey improves things.

The Entropy Keys are a wonder - even for servers that aren't VPS
based... Though, dependent on how many people are using your egd, you
might find that it doesn't give enough, and might have to have more
than one (or wait for the ptang, if it ever comes out).