On Tue, 07 Sep 2010, Clement Hermann (nodens) wrote: > I always use /dev/urandom if I don't have hardware RNG on a busy server, > because availability is more important than protection against a very > unlikely threat, and I did have some problem under heavy load. If you have a HRNG properly feeding the Linux kernel with entropy, /dev/urandom will operate in the exactly same way as /dev/random anyway. Really, /dev/random is to be used ONLY when generating long-lived very important data, such as long-lived keys. > However, if I can, I prefer to use a hardware RNG, as it is really a > breeze to use with rng-tools. It used to be available on any server x86 > motherboard, unfortunately it tends to be less frequent onboard > nowadays... Actually, if you don't want to recompile cyrus but need to > use /dev/urandom, you can use /dev/random with rng-tools using > /dev/urandom as a random source instead of the RNG device. Well, I can recommend this: http://www.entropykey.co.uk -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
