From owner-freebsd-net@FreeBSD.ORG  Wed Jun 16 06:58:13 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3AFAC16A510
	for <freebsd-net@freebsd.org>; Wed, 16 Jun 2004 06:58:13 +0000 (GMT)
Received: from amaunetsgothique.com (31.amaunetsgothique.com [69.17.34.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D998E43D4C
	for <freebsd-net@freebsd.org>; Wed, 16 Jun 2004 06:58:12 +0000 (GMT)
	(envelope-from chort@amaunetsgothique.com)
Received: from ([10.8.1.3])
	by phalanx.amaunetsgothique.com with ESMTP ;
	Tue, 15 Jun 2004 23:57:24 -0700
Received: from [10.8.1.3] (abydos.amaunetsgothique.com [10.8.1.3])
	by abydos.amaunetsgothique.com (Postfix) with ESMTP id 5BDEC1A43D
	for <freebsd-net@freebsd.org>; Tue, 15 Jun 2004 23:57:23 -0700 (PDT)
From: Brian Keefer <chort@amaunetsgothique.com>
To: FreeBSD Net <freebsd-net@freebsd.org>
In-Reply-To: <40C8B906.7000904@mac.com>
References: <20040610212709.A1672@eitzenberger.name>
	 <40C8B906.7000904@mac.com>
Content-Type: text/plain
Organization: 
Message-Id: <1087369042.8720.21.camel@abydos.amaunetsgothique.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.4 
Date: 15 Jun 2004 23:57:23 -0700
Content-Transfer-Encoding: 7bit
Subject: Re: choosing another random number generator
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jun 2004 06:58:13 -0000

On Thu, 2004-06-10 at 12:39, Chuck Swiger wrote:
> Consider getting something like:
> 
> http://www.soekris.com/vpn1401.htm
> 
> ...which will provide you with a hardware-based RNG.  You'll need to enable 
> some options in the kernel to use it (search for HIFN in LINT)...

Recent VIA C3 CPUs also have hardware RNG on-chip, and the very recent
C3s actually have AES in hardware.  The "to be released soon" C3s will
have RSA, SHA1, and SHA256 on-chip.  Now that's some pretty amazingly
affordable hardware crypto (stand-alone CPUs go for around USD $40,
while embedded in a board is anywhere from $160 - $240).

I know that OpenBSD and Linux support the RNG and AES.  I haven't yet
checked to see if FreeBSD does.  Would anyone happen to know off the top
of their head?

Any way, wouldn't RNG and crypto discussion be more relevant to the
security list?

-- 
Brian Keefer