Date: Fri, 24 Jan 2003 19:14:55 -0800 From: "Sam Leffler" <sam@errno.com> To: "Daniel O'Connor" <doconnor@gsoft.com.au> Cc: "Mike Tancsa" <mike@sentex.net>, <freebsd-stable@FreeBSD.ORG> Subject: Re: HEADS UP: fast ipsec committed Message-ID: <1bdc01c2c41f$eff0ef50$52557f42@errno.com> References: <5.2.0.9.0.20030124073321.07012c88@192.168.0.12> <187f01c2c3cb$9eb22e50$52557f42@errno.com> <1043462918.85148.28.camel@chowder.dons.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sat, 2003-01-25 at 03:41, Sam Leffler wrote:
> > With OpenSSL you get lots of applications. I'm not sure if Kerberos
also
> > benefits. In the kernel there's nothing else at the moment but that's
not
> > to say that things like gbde couldn't use it. I also intend to use it
to do
> > AES for wireless security protocols.
>
> What about /dev/random? The hifn chips have a random number generator on
> board, although I've no idea how good it is.
Right. If the crypto h/w has a RNG on it then the entropy is automatically
fed to the system PRNG. This can be a big win since it allows you to
disable IRQ entropy harvesting which is too expensive for a production
environment.
Sam
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1bdc01c2c41f$eff0ef50$52557f42>