cvs commit: hints entropy.txt

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Tue Apr 20 21:32:32 PDT 2004


tushar      04/04/20 22:32:32

  Modified:    .        entropy.txt
  Log:
  Updated Hint: entropy
  
  Revision  Changes    Path
  1.2       +64 -23    hints/entropy.txt
  
  Index: entropy.txt
  ===================================================================
  RCS file: /home/cvsroot/hints/entropy.txt,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -u -r1.1 -r1.2
  --- entropy.txt	1 Apr 2004 15:36:05 -0000	1.1
  +++ entropy.txt	21 Apr 2004 04:32:32 -0000	1.2
  @@ -1,30 +1,43 @@
  -AUTHOR: Robert Connolly <cendres at videotron dot ca> (ashes)
  +AUTHOR:		Robert Connolly <robert at linuxfromscratch dot org> (ashes)
   
  -DATE:   2004-03-30
  +DATE:		2004-04-18
   
  -LICENSE:        Public Domain
  +LICENSE:	Public Domain
   
  -SYNOPSIS:       Software controlled random number generation
  +SYNOPSIS:	Software controlled random number generation
   
  -PRIMARY URL:    http://www.linuxfromscratch.org/~robert/hlfs/hints/files/
  +PRIMARY URL:	http://www.linuxfromscratch.org/~robert/hlfs/hints/files/
   
   DESCRIPTION:
  +Fast and Economical Random number suite:
  +http://frandom.sourceforge.net/
  +Frandom uses an arcfour stream cipher of seed data from the kernel's internal
  +pool. The advantage to frandom is that 4 bytes of kernel entropy can be
  +expanded into gigabytes of random output. Ideal for wiping discs, and maybe
  +even for online gaming. A new addition to the frandom package is erandom.
  +Economical random uses the state of frandom as a seed, and its use does not
  +drain any kernel entropy. This is done very efficiently, completely in the
  +kernel. Erandom is ideal for Smashing Stack Protector. Frandom now also
  +supports sysctl so SSP can use it regardless if /dev/erandom exists or not.
  +This is slightly faster and works threw chroot.
  +
  +audio/video entropy daemon:
  +http://www.vanheusden.com/aed/
  +http://www.vanheusden.com/ved/
   Many system components including smashing stack protector, mkstemp,
   cryptography, aslr in Pax/Grsec depend on a supply of random bits to insure
  -data integrity. In the Linux kernel a combination of input/output devices
  -are used to gather randomness from. This includes the keyboard, mouse, and
  -hard disc. On an idle system none of these devices are receiving input, and
  -the entropy (randomness) of the system is easy to deplete, especially with
  -cryptography. This hint describes two daemons which use either the static
  -noise from the system audio, or the video frames from a video4linux device.
  -These devices have a never ending supply of randomness created by thermal
  -fluctuation and electric fields on the devices. These entropy gathering daemons
  -depend on the kernel driver for your hardware to work properly, be it your
  -sound or video card. These programs will re-seed the kernel entropy pool. The
  -programs can be used together in combination with the kernel's internal values
  -to create a very random pool from several different sources.
  -
  -There is tons and tons and tons of information about this subject on google.
  +data integrity. In the Linux kernel a combination of input devices are used
  +to gather randomness from. This includes the keyboard, mouse, and hard disc.
  +On an idle system none of these devices are receiving input, and the entropy
  +(randomness) of the system is easy to deplete, especially with cryptography.
  +This hint describes two daemons which use either the static noise from the
  +system audio, or the video frames from a video4linux device. These devices
  +have a never ending supply of randomness created by thermal fluctuation and
  +electric fields on the devices. These entropy gathering daemons depend on the
  +kernel driver for your hardware to work properly, be it your sound or video
  +card. These programs will re-seed the kernel entropy pool. The programs can
  +be used together in combination with the kernel's internal values to create
  +a very random pool from several different sources.
   
   PREREQUISITES: None
   
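Review bot: the new DESCRIPTION paragraph (from `+Frandom uses an arcfour stream cipher of seed data from the kernel's internal` onward) states that 4 bytes of kernel entropy are expanded into gigabytes of output but never draws the consequence for readers: that output carries no more unpredictability than its seed, so the hint should say plainly that frandom/erandom suit bulk uses such as disc wiping and are not a replacement for /dev/random where keys are generated. The same paragraph has two wording errors to fix: `works threw chroot` should read `works through chroot`, and `insure data integrity` (kept unchanged in the rewrapped text) should read `ensure data integrity`. Since the hint abbreviates the feature as `SSP` later on, writing it as Stack Smashing Protector here rather than `Smashing Stack Protector` would keep the name and abbreviation consistent.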
  @@ -60,10 +73,34 @@
   Nothing else needs to be done, applications can continue to use /dev/random
   and /dev/urandom normally. You should notice crypto keys get made faster.
   
  +Frandom/erandom:
  +http://frandom.sourceforge.net/
  +http://www.linuxfromscratch.org/~robert/hlfs/hints/attachments/frandom/\
  +	frandom-0.8.tar.gz
  +http://www.linuxfromscratch.org/patches/downloads/linux/\
  +	linux-2.4.26-frandom-1.patch
  +
  +You don't need the frandom-0.8 source, its presented so you can read more
  +about it if you want. The Linux kernel patch is all we need.
  +Frandom is built in by default with this patch. It can be found in the
  +character devices menu. Build and install the new kernel.
  +
  +cd linux-2.4.26
  +patch -Np1 -i ../linux-2.4.26-frandom-1.patch
  +...
  +reboot
  +
  +mknod /dev/frandom c 235 11
  +mknod /dev/erandom c 235 12
  +
  +To use it for SSP use the glibc-ssp-frandom patch.
  +http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
  +
    - Testing entropy
  -Note: You should try to test this on an idle machine. Nothing compiling in
  +You should try to test this on an idle machine. Nothing compiling in
   background, no updatedb running, etc. Moving/clicking the mouse, keyboard, and
   even network traffic will create entropy in the pool, and affect results.
  +Todo: Have tests for entropy quality, not just quantity.
   
   Fetch this:
   http://dev.gentoo.org/~solar/misc/entropy_watch.c
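Review bot: the `mknod /dev/frandom c 235 11` and `mknod /dev/erandom c 235 12` lines give device numbers without saying where they come from; the text should state that they must match the numbers the frandom patch registers (visible in /proc/devices once the patched kernel is running), otherwise a reader with a different major creates a node that points at some other driver. The `...` between `patch -Np1 ...` and `reboot` hides the configuration step the prose refers to ("It can be found in the character devices menu"); naming the option or the menu path there would make the procedure reproducible. Minor: `its presented so you can read more` should be `it's presented`.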
  @@ -78,19 +115,23 @@
   
   In the next window do something like this:
   
  -dd if=/dev/urandom of=/dev/null bs=1 count=1024
  +dd if=/dev/{u,f,e}random of=/dev/null bs=1 count=1024
   
   If one or both of the entropyd programs are running you should see the pool
   being refilled. Kill the entropyd program(s) and you should see it does not
   refill so quickly. Move the mouse and play with it if you like. If you use a
   small count like count=512 the entropyd program(s) may not refill immedietly
  -because the pool is still large enough. This is to improve preformance
  +because the pool is still large enough. This is to improve preformance.
   
   ACKNOWLEDGMENTS:
  -* Thanks to Solar for entropy_watch.c http://dev.gentoo.org/~solar/
  +* Thanks to Solar for entropy_watch.c. - http://dev.gentoo.org/~solar/
  +* Thanks to Eli Billauer for the Frandom suite. -
  +	http://frandom.sourceforge.net/
   
   CHANGELOG:
   [2004-03-29]
   * Initial post
   [2004-03-30]
   * Added test. Thanks to Solar.
  +[2004-04-18]
  +* Added frandom/erandom.
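Review bot: `dd if=/dev/{u,f,e}random of=/dev/null bs=1 count=1024` does not do what the surrounding text implies. Typed into bash, the brace expands to a single dd invocation with three `if=` operands, not three separate reads; write the command with one explicit device (`dd if=/dev/urandom of=/dev/null bs=1 count=1024`) and say in prose that the reader can substitute /dev/frandom or /dev/erandom. The comparison that follows ("you should see the pool being refilled") also only holds for /dev/urandom: the DESCRIPTION above says erandom drains no kernel entropy and frandom only a few bytes, so reading those devices will not visibly deplete or refill the pool, and the test section should state that. Two typos remain in the unchanged context: `immedietly` and `preformance`.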
  
  
  


