Limits to seeding /dev/random | random(4)
Dirk-Willem van Gulik
dirkx at webweaving.org
Wed Jul 11 14:35:49 UTC 2018
> On 11 Jul 2018, at 15:58, Ian Lepore <ian at freebsd.org> wrote:
>
> On Wed, 2018-07-11 at 14:03 +0200, Dirk-Willem van Gulik wrote:
>> When feeding /dev/random from hardware USB devices like Bill
>> Woodcock’s design in PCB incarnation:
>>
>> https://13-37.org/de/shop/infinite-noise-trng/
>>
>> Are there any caveats with regard to volume or speed of doing so ? Or
>> is it always a plus ?
>>
>> Actual code at https://github.com/dirkx/infnoise/blob/master/software
>> /libinfnoise.c line 122:
>>
>> if ((devRandomFD = open("/dev/random",O_WRONLY)) <0)
>> .. error handling
>>
>> if (write(devRandomFD, bytes, length) != length)
>> .. error handling
>>
>> And is there any case where length would not return the length
>> written — it seems that the driver traps/ignores EINT, EAGAIN and
>> short writes ?
>>
>> Or should one check the entropy available in /dev/random (how?) and
>> hold off feeding it until it is low enough (this is what the
>> infinite-trng seems to do on linux).
>>
>> With kind regards,
>>
>> Dw
>
> There is no way to check the entropy available in /dev/random because
> the whole concept doesn't apply. Entropy isn't a limited resource that
> can be exhausted after the prng is seeded at boot time.
>
> When asking our prng gurus for advice on writing a device driver for an
> on-chip entropy source, the advice I got was basically: there's no need
> to feed in more entropy on an ongoing basis, but no harm in doing so
> either, within reason.
Understood. But it is not a bad thing if one also takes into account all sort of governance stuff around certification & what not (and we got bitten at least twice by a virtualised environment producing something identical - which with hindsight was obvious but still).
> The recommendation was to feed at or below an
> average rate of about 128 bits/second. Pushing in more isn't harmful,
> just wasteful of system resources because it doesn't make anything
> better.
Ok - so these units spit out around a 90-100 K bit/second (that is after it has been whitewashed by a Keccack-1600).
So I guess I should not pass all of that on blindly — but quell that stream by a factor thousand.
Dw.
More information about the freebsd-hackers
mailing list