|
|
@@ -259,6 +259,18 @@ apt-get update
|
|
259
|
259
|
apt-get install emacs
|
|
260
|
260
|
#+END_SRC
|
|
261
|
261
|
|
|
|
262
|
+** Random number generation
|
|
|
263
|
+
|
|
|
264
|
+The security of encryption depends upon how random the pseudo-random number generation on your system is. If it isn't very random then it may be far more vulnerable to cryptanalysis, and it's known that in the past some dubious agencies have encouraged the use of flawed random number generators to assist with their prurient activities. Randomness - typically referred to as /entropy/ - is often gathered from factors such as the timing of key presses or mouse movements, but since the BBB won't have such devices plugged into it this reduces the amount of entropy available.
|
|
|
265
|
+
|
|
|
266
|
+To improve entropy generation there are two options. One is to install a kernel module which enables the hardware crypto available on the BBB, but that's a bit complicated and might have some stability implications. The other option is to install [[http://www.issihosts.com/haveged/][havegd]]. While not as good as a true hardware random number generator, havegd is better than the default pseudo-random number generation within the Linux kernel. To install it:
|
|
|
267
|
+
|
|
|
268
|
+#+BEGIN_SRC: bash
|
|
|
269
|
+apt-get install haveged
|
|
|
270
|
+#+END_SRC
|
|
|
271
|
+
|
|
|
272
|
+At the time of writing there is also some hardware called [[http://beagleboard.org/project/CryptoCape/][cryptocape]] being developed, with the intention of adding extra random number generation capabilities to the BBB.
|
|
|
273
|
+
|
|
262
|
274
|
** Alter ssh configuration
|
|
263
|
275
|
|
|
264
|
276
|
Altering the ssh configuration will make it a little more secure than the standard Debian settings.
|
Bob Mottram
11 years ago