cvs commit: hints/ATTACHMENTS/entropy entropy_watch.c

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Thu Apr 1 07:36:05 PST 2004


tushar      04/04/01 08:36:05

  Added:       .        entropy.txt
               ATTACHMENTS/entropy entropy_watch.c
  Log:
  Added: entropy.txt
  
  Revision  Changes    Path
  1.1                  hints/entropy.txt
  
  Index: entropy.txt
  ===================================================================
  AUTHOR: Robert Connolly <cendres at videotron dot ca> (ashes)
  
  DATE:   2004-03-30
  
  LICENSE:        Public Domain
  
  SYNOPSIS:       Software controlled random number generation
  
  PRIMARY URL:    http://www.linuxfromscratch.org/~robert/hlfs/hints/files/
  
  DESCRIPTION:
  Many system components, including the stack-smashing protector, mkstemp,
  cryptography, and ASLR in PaX/Grsecurity, depend on a supply of unpredictable
  random bits. The Linux kernel gathers its randomness from the timing of
  input/output devices: the keyboard, the mouse, and the hard disc. On an idle
  system none of these devices are receiving input, and the entropy (randomness)
  held in the kernel pool is easy to deplete, especially by cryptography. This
  hint describes two daemons which use either the static noise from the system
  audio or the video frames from a video4linux device. These devices yield a
  continuous supply of noise created by thermal fluctuation and electric fields
  in the hardware. The entropy gathering daemons depend on the kernel driver for
  your hardware working properly, be it your sound or video card; a silent,
  disconnected or misbehaving device does not produce noise, so make sure the
  input is live before relying on it. These programs re-seed the kernel entropy
  pool. They can be used together, alongside the kernel's own sources, so that
  the pool is fed from several different sources.
  
  There is a great deal of information on this subject available through Google.
  
  PREREQUISITES: None
  
  HINT: 
  
  Audio entropy daemon:
  http://www.vanheusden.com/aed/
  http://www.vanheusden.com/aed/audio-entropyd-0.0.6.tgz
  http://www.linuxfromscratch.org/~robert/hlfs/hints/attachments/entropy/\
  	audio-entropyd-0.0.6.tgz
  
  make &&
  install -g 0 -o 0 -m 755 audio-entropyd /usr/sbin/audio-entropyd
  
  Edit your /etc/rc.d/init.d/random script to start audio-entropyd just after
  seeding urandom, and to stop it just after saving random-seed. The pid file
  will be in /var/run. You don't need to reboot to use it, but your sound card
  driver must be loaded and you must be root.
  
  Video entropy daemon:
  http://www.vanheusden.com/ved/
  http://www.vanheusden.com/ved/video_entropyd-0.7.tgz
  http://www.linuxfromscratch.org/~robert/hlfs/hints/attachments/entropy/\
          video_entropyd-0.7.tgz
  
  make &&
  install -g 0 -o 0 -m 755 video_entropyd /usr/sbin/video_entropyd
  
  Add this to root's crontab to run every minute or so. It cannot run as a
  daemon because it would keep the video device locked. Depends on video4linux.
  Using one or both of these daemons should be adequate for sustained
  moderate-to-heavy use.
  
  Nothing else needs to be done; applications can continue to use /dev/random
  and /dev/urandom normally. You should notice that crypto keys are generated
  faster.
  
   - Testing entropy
  Note: You should test this on an idle machine: nothing compiling in the
  background, no updatedb running, etc. Moving or clicking the mouse, typing,
  and even network traffic will add entropy to the pool and affect the results.
  
  Fetch this:
  http://dev.gentoo.org/~solar/misc/entropy_watch.c
  http://www.linuxfromscratch.org/~robert/hlfs/hints/attachments/entropy/\
  	entropy_watch.c
  
  Open two windows with non-root login. This is easiest to do in X, else split
  a console window in two. In one window do this:
  
  gcc -o entropy_watch entropy_watch.c
  ./entropy_watch
  
  In the next window do something like this:
  
  dd if=/dev/urandom of=/dev/null bs=1 count=1024
  
  If one or both of the entropyd programs are running you should see the pool
  being refilled. Kill the entropyd program(s) and you should see that it does
  not refill so quickly. Move the mouse and play with it if you like. If you use
  a small count like count=512 the entropyd program(s) may not refill
  immediately, because the pool is still large enough; they wait until the pool
  runs low before adding more, which improves performance.
  
  ACKNOWLEDGMENTS:
  * Thanks to Solar for entropy_watch.c http://dev.gentoo.org/~solar/
  
  CHANGELOG:
  [2004-03-29]
  * Initial post
  [2004-03-30]
  * Added test. Thanks to Solar.
  
  
  
  1.1                  hints/ATTACHMENTS/entropy/entropy_watch.c
  
  Index: entropy_watch.c
  ===================================================================
  /******************************************************************************/
  /* THE BEER-WARE LICENSE   (Revision 42):                                     */
  /*  As long as you retain this notice you can do whatever you want with this  */
  /*   stuff. If we meet some day, and you think this stuff is worth it,        */
  /*   you can buy me a beer in return.    --solarx                             */
  /******************************************************************************/
  
  
  #include <stdio.h>
  #include <unistd.h>
  #include <string.h>
  #include <stdlib.h>
  
  /* Poll /proc/sys/kernel/random/entropy_avail once a second and report every
   * change, so draining of the pool and refilling by the entropy daemons can
   * be watched. */
  int main(void)
  {
  	int entropy_avail, entropy_curr;
  	char buf[16];
  	char *p;
  	FILE *fp;
  
  	entropy_avail = entropy_curr = 0;
  
  	while (1) {
  		if ((fp =
  			 fopen("/proc/sys/kernel/random/entropy_avail", "r")) != NULL) {
  			if (fgets(buf, sizeof(buf), fp) != NULL) {
  				if ((p = strchr(buf, '\n')) != NULL)
  					*p = 0;
  				entropy_curr = atoi(buf);
  				if (entropy_curr < entropy_avail)
  					printf("entropy_avail has gone down [ %8d ] : total [ %8d ]\n",
  						   entropy_avail - entropy_curr, entropy_curr);
  				if (entropy_curr > entropy_avail)
  					printf("entropy_avail has gone up.. [ %8d ] : total [ %8d ]\n",
  						   entropy_curr - entropy_avail, entropy_curr);
  				entropy_avail = entropy_curr;
  			}
  			fclose(fp);
  		}
  		/* sleep whether or not the read worked, so a missing /proc entry
  		 * does not turn this into a busy loop */
  		sleep(1);
  	}
  	_exit(1);			/* should never be reached */
  }
  