> Does anyone know if haveged significantly affects things like
> truecrypt, cryptsetup, RSA, or SSL if you happen to leave the daemon
> running for long periods of time? I'm sure that it's always going to
> be "random enough", but I often make use of Archlinux in forensic
> environments involving encrypted disks and files or transferring
> things over SSL, so I do need to know if there is even a theoretical
> weakness in my environment in case my tools and methodologies are
> called into question.

If your task uses /dev/random then it blocks on low entropy conditions. I believe that is the only time haveged fills the pool.

So the question becomes: if my device needs lots of entropy, is haveged as strong or stronger than the Linux RNG, and does or can haveged be made to collect randomness when idle?

This fired across the android list recently and gives, with its references, an idea of weaknesses in the Linux RNG. Were these weaknesses happening at times of pool exhaustion or generally, I wonder?

https://factorable.net/paper.html

OpenBSD a year or two ago actually made all their random devices link to the one because it incorporates haveged-like functionality and more, and with its RC4 cipher multiplies it to hundreds of megabytes of good random data per second.

-- 
________________________________________________________

Why not do something good every day and install BOINC.
________________________________________________________