[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Using /dev/hwrng

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Using /dev/hwrng
From: Imse Vimse <gvs2nlhkzmemgjnx9ngmaqqg@xxxxxxxxx>
Date: Sat, 14 Mar 2015 18:53:05 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 14 Mar 2015 13:53:20 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=7KUdf6ddsQa+WJLj9QCeythp9Am5ePhAsjnFC8v8DOo=; b=BMpxtsX1tmljc63ro18kz8LJYDEwTwhz0Ig3epkIKIF1rs7kMcj4YX6gWGUB8XeXXc vwBe8mHbT/LRtvyeI906Lutz3hfpDHKgtCKUOk/fmLDSJnSzXGZkT1zpcKLZukd+jxlu TinJ1UJMNwa1tgQavf9NkVQFRXx+/OOSQSqZHszt24O3NaeqCLKiOiDX9NLibeI3oggR 57Zf66UQP1r789gbWL9bW7qOvaFr4fSKoKKR4DyE+RJ1H8SoHaMrWMyVhwIWu7nTqYf+ N/eaQRjGUTu02ATMtQJb+doT9+H8aTNUETzONIbzLFhZ3yQjYU1XCMuWXdETjAlHR8qT k5MA==
In-reply-to: <20150313203949.GA7919@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CADQBdUH_5_6TA_jtp=N8O=J=S=2niVzm+oLPM+2a=maKd+6Liw@xxxxxxxxxxxxxx> <20150313203949.GA7919@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On rapsberry pi you need to manually activate loading module bcm2708-rng, or so I have read, to enable the HW-support. I have not actually verified the current state or tested it on my relays. The nodes are headless and normally outside my firewall so it's a bit of work to do the maintenance. But I wanted to get some confirmation that it is useful to do it.

It could be fun to make some benchmarking to see if I can increase performance on the same hardware.

How do I examine the output of 'openssl' that too is a bit of unknown territory for me?

2015-03-13 21:39 GMT+01:00 Libertas <libertas@xxxxxxxxxxx>:

On Thu, Mar 12, 2015 at 07:01:58PM +0100, Imse Vimse wrote:
>Â Â Would enabling the hardware random number generator on a relay node be
>Â Â usefull in terms of increased performance?
>Â Â If so, is it enough to activate /dev/hwrnd or is some configuration
>Â Â and/or recompilation required?

I suspect that your OS already does this by mixing it into its entropy
store, but that Tor using the device directly would be dangerous.

I'm not sure how relevant the HardareAccel config option is, but you
might want to look into that. Also look at the output of 'openssl
engine' to see whether OpenSSL recognizes the rdrand engine as
available.

I don't know much about this, but I thought I'd give you some leads.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Using /dev/hwrng
  - From: Imse Vimse
- Re: [tor-relays] Using /dev/hwrng
  - From: Libertas

Prev by Author: [tor-relays] Using /dev/hwrng
Next by Author: [tor-relays] Help finding relay bottleneck
Previous by thread: Re: [tor-relays] Using /dev/hwrng
Next by thread: [tor-relays] keeping tor relays operational
Index(es):
- Author
- Thread