[Nix-dev] Why is rngd running by default?
Florian Friesdorf
flo at chaoflow.net
Mon Dec 3 06:58:27 CET 2012
Shea Levy <shea at shealevy.com> writes:
> On 11/29/2012 02:00 AM, Mathijs Kwik wrote:
>> While at the subject of random number generation, I would like to plug
>> the "frandom" package (+kernel module), , as it has been very useful
>> to me. It is available in NixOS through the use of
>> services.frandom.enable = true.
>>
>> It uses the kernel random device but provides an extremely fast
>> /dev/frandom to use from userspace (20x speedup compared to
>> /dev/urandom on my system). This makes it the perfect source for
>> filling up disks before putting some full-disk-encryption on top of.
>
> Something I've never understood about this technique... Why not just
> zero out the encrypted block device? Won't that make the underlying
> device look effectively random?
Same here. My last two disks I "randomized" by zeroing out the encrypted
device.
--
Florian Friesdorf <flo at chaoflow.net>
GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083
Jabber/XMPP: flo at chaoflow.net
IRC: chaoflow on freenode,ircnet,blafasel,OFTC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20121203/50b194c4/attachment.bin
More information about the nix-dev
mailing list