More secure random entropy pool
branneman opened this issue · comments
Thanks for this How-To guide, I'm happy this project exists!
A lot of Linux servers are headless (no keyboard/mouse/monitor), and therefore have fewer sources of good entropy, as there is no human interaction beyond SSH. There have been cases of headless servers generating predictable SSH keys after boot. [1]
Thus it can be reasoned that security can be increased by setting up additional sources for entropy. A simple `sudo apt-get install rng-tools` on Debian-based distros already adds value, but there might be more tools available.
I suggest adding this as a section to the guide.
Sources:
A section for hardware-based entropy tools could be nice too, for example https://www.crowdsupply.com/13-37/infinite-noise-trng
@branneman Wow. That is great. I had never even considered that. Will work on adding it. Thanks!
@pahakalle Now that is interesting. I'd be worried about trusting the hardware tech. I'll do some research. Thanks!
Added something basic for now. I'll add more detail when I have time.
Thanks again!
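
Added example, not part of the thread or the guide: a POSIX shell check for the condition the opening post describes, reporting how full the kernel entropy pool is and whether a hardware RNG is registered for a daemon such as the one in rng-tools to draw from. The optional ROOT argument and the MIN_PCT threshold (default 25 percent) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report kernel entropy and hardware RNG state on a headless host.
# ROOT (first argument) is a hypothetical prefix so a test tree can be used.

# Print the integer stored in a file; fail if it is missing or not a number.
read_int() {
    [ -r "$1" ] || return 1
    v=$(tr -d '[:space:]' < "$1")
    case "$v" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$v"
}

# entropy_status [ROOT] -> "ok <avail>/<pool>", "low <avail>/<pool>" or "unknown"
entropy_status() {
    root=${1:-}
    avail=$(read_int "$root/proc/sys/kernel/random/entropy_avail") || { echo unknown; return 0; }
    pool=$(read_int "$root/proc/sys/kernel/random/poolsize") || { echo unknown; return 0; }
    [ "$pool" -gt 0 ] || { echo unknown; return 0; }
    # Assumption: less than MIN_PCT percent of the pool counts as low.
    if [ $((avail * 100)) -lt $((pool * ${MIN_PCT:-25})) ]; then
        echo "low $avail/$pool"
    else
        echo "ok $avail/$pool"
    fi
}

# hwrng_status [ROOT] -> "active <name>", "available <names>" or "none"
hwrng_status() {
    root=${1:-}
    dir="$root/sys/class/misc/hw_random"
    # The kernel writes "none" to rng_current when no device is selected.
    cur=$(cat "$dir/rng_current" 2>/dev/null | tr -d '\n') || cur=
    all=$(cat "$dir/rng_available" 2>/dev/null | tr -d '\n') || all=
    if [ -n "$cur" ] && [ "$cur" != "none" ]; then
        echo "active $cur"
    elif [ -n "$all" ]; then
        echo "available $all"
    else
        echo "none"
    fi
}

echo "entropy: $(entropy_status)"
echo "hwrng:   $(hwrng_status)"
```

A "low" or "none" result shortly after boot is the situation in which keys generated at first start deserve a second look.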