<html dir="ltr"><head></head><body style="text-align:left; direction:ltr;"><div>This looks promising.</div><div><br></div><div>The system(s) are Intel, high core count file servers with 12 encrypted partitions and 40G TCP and 40G IB networking. Linked through glusterfs they are the storage cluster. I'm seeing haveged getting _used_ where it's not been used before.</div><div><br></div><div>On Tue, 2019-03-19 at 16:54 -0400, dev null zero two via Ale wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div dir="ltr"><span style="color:rgb(38,50,56);font-family:Roboto,sans-serif;font-size:13px">IIRC, the link I sent is for a Linux RNG patch that uses a FIPS approved DRBG. If properly seeded, this can supply a ton of secure random numbers without draining the entropy pool so much.</span><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 19, 2019 at 4:52 PM Alex Carver via Ale <<a href="mailto:ale@ale.org">ale@ale.org</a>> wrote:<br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex">On 2019-03-19 13:31, Jim Kinney via Ale wrote:<br>
> When the entropy pool gets low and all 200TB are encrypted, writes can<br>
> slow down.<br>
> <br>
> Looking at hardware RNG devices. Found one that looks really cool,<br>
> open, all the right buttons <a href="http://onerng.info/" rel="noreferrer" target="_blank">http://onerng.info/</a><br>
> <br>
> Anybody used something like this?<br>
<br>
I've seen mention more than once of using a Geiger counter with its<br>
output tied to a serial port to generate random bits with a small<br>
software shim to push them into entropy. The advantage is that<br>
radioactive decay is random and this kind of setup can't be influenced<br>
from a distance.<br>
<br>
<br>
Diode noise is not fully random, it has a specific energy distribution<br>
so there will be bias in the results (in which case you're depending on<br>
these guys to have smoothed/whitened the noise properly). RF noise is<br>
also not random when the receiver is stationary. The RF landscape<br>
doesn't change too much and also has inherent bias (cell towers, wifi<br>
APs, lots of other transmitters that don't move and sit on the same<br>
frequency). The RF generator would depend on the features that do<br>
change which are fewer and slower.<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>
</blockquote><div><span><pre><pre>-- <br></pre>James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://heretothereideas.blogspot.com/
</pre></span></div></body></html>