I have already covered VPN ciphers in the series on new features of the upcoming version 2.15 of IPFire, but that is not all we have done to improve cryptography.
Strong cryptography relies heavily on good random numbers. Those random numbers cannot be generated by a simple algorithm, because they must be truly random, which no algorithm in the world can ever achieve. That means random numbers cannot be generated in software, but there is hardware that can.
Unfortunately this hardware is rare, but we aim to use any hardware random number generator (HWRNG) when possible. Currently, AMD Geode LX-based systems, some systems that come with Intel’s RDRAND instruction, and some others work. We are going to maintain a list of supported hardware on our wiki. Please add your own hardware if it is working.
The random numbers emitted by a HWRNG are mixed into the kernel’s entropy pool and can be used by all applications that need them. We increased the size of the entropy pool from 4K to 16K, so that enough entropy should always be available, provided it could be gathered beforehand.
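To check on a running Linux system what the paragraphs above describe, the following added example (not part of the original post and not IPFire's own code) reads the CPU flags, the kernel's hw_random sysfs entries and the random sysctls. The `ROOT` prefix and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: inspect HWRNG availability and the kernel entropy pool.
# ROOT is a hypothetical prefix for running against a copied /proc and /sys tree.
ROOT="${ROOT:-}"

# Print "yes" if the CPU flags in /proc/cpuinfo include rdrand, else "no".
has_rdrand() {
    if grep '^flags' "$ROOT/proc/cpuinfo" 2>/dev/null | grep -qw rdrand; then
        echo yes
    else
        echo no
    fi
}

# Print the hw_random driver the kernel is currently reading from, or "none".
current_hwrng() {
    cur=$(cat "$ROOT/sys/class/misc/hw_random/rng_current" 2>/dev/null) || cur=""
    echo "${cur:-none}"
}

# Print "<entropy_avail> <poolsize> <percent filled>" from the random sysctls,
# or "unknown" if either value is missing or not a number.
entropy_status() {
    d="$ROOT/proc/sys/kernel/random"
    avail=$(cat "$d/entropy_avail" 2>/dev/null) || avail=""
    pool=$(cat "$d/poolsize" 2>/dev/null) || pool=""
    case "$avail:$pool" in
        :*|*:|*[!0-9:]*) echo unknown; return 0 ;;
    esac
    [ "$pool" -gt 0 ] || { echo unknown; return 0; }
    echo "$avail $pool $((avail * 100 / pool))"
}

# Summarise all checks; every line degrades gracefully if a file is absent.
rng_report() {
    echo "RDRAND in CPU flags  : $(has_rdrand)"
    echo "Active HWRNG driver  : $(current_hwrng)"
    echo "Available HWRNGs     : $(cat "$ROOT/sys/class/misc/hw_random/rng_available" 2>/dev/null)"
    echo "Entropy avail/pool/% : $(entropy_status)"
}

rng_report
```

RDRAND is a CPU instruction, so it is reported as a CPU flag and will not necessarily appear as a hw_random driver.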
If you want to know a little bit more about entropy, check out the article on our wiki.
Posted: February 2, 2014