Re: Raspberry pi safe?

15 Apr 2015

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 04/15/2015 02:05 AM, Cathal (Phone) wrote:
...
Personally I'd draw from several sources to feed /dev/random: an 
internal hash-chain (quick Python script) (re)seeded on a password
and urandom periodically, the hardware entropy generator, Ubuntu's
seed server.. don't trust one source, mash them up once a
minute/hour and feed them to /dev/random.
I've gotten some success with a USB enabled Geiger counter
(https://www.sparkfun.com/products/11345).  A little Python was used
to open the USB serial device and measure the amount of time that
passed in between characters being emitted, hash them, and cat the
hashes into /dev/random to give the kernel pool a little more to work
with.  The unit's pretty large (larger than the RasPi) and needs a
housing of some kind to really protect it.  I wouldn't use it for an
HSM but for experimenting at home it works decently well.  Now I just
need to get around to learning SciPy to profile the output of
/dev/urandom for biases...

- -- 
The Doctor [412/724/301/703/415] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Good enough is the enemy of the best.