[Cryptography] The Crypto Pi

John Gilmore gnu at toad.com
Wed Jan 14 04:41:15 EST 2015

> That brings me back to my original question: Is it (in any sense) more secure
> to avoid reading key material from /dev/random and use the hardware RNG
> instead or in addition?

I suspect you should use /dev/random and run the rngd daemon to move
entropy from /dev/hwrng into /dev/random.  It will feed some data to
/dev/random every N seconds (settable, default 60) to mix the random
pool, and will refill the kernel's entropy pool (by default, to 50%)
anytime it gets below there.

> RPi's hardware random number generator uses a "thermal noise"
> entropy source. I asked them but was told there are no further
> public details. So unknown if it is more secure or less.

Perhaps tell rngd that there isn't much entropy per bit?  I don't
know how that setting helps or hurts.

> > Does the rPI use its specific capabilities to enhance /dev/random?
> On linux/pi the h/w RNG is available under /dev/hwrng.
> /dev/random is their standard "cryptographic pseudo RNG".  It
> seems to be extremely slow (80 bits/second) or broken or has
> the wrong default settings.
> FreeBSD/pi /dev/random is much much faster @ 33Mibis/sec. AFAIK
> it doesn't use the h/w RNG.

The problem on Linux is probably that they failed to run rngd, the
hardware randomness daemon.  (In Debian/Ubuntu it's in the "rng-tools"

The problem on FreeBSD is that /dev/random doesn't wait for entropy,
it just makes pseudorandomness as fast as it can.


More information about the cryptography mailing list