[Cryptography] The Crypto Pi
John Gilmore
gnu at toad.com
Wed Jan 14 04:41:15 EST 2015
> That brings me back to my original question: Is it (in any sense) more secure
> to avoid reading key material from /dev/random and use the hardware RNG
> instead or in addition?
I suspect you should use /dev/random and run the rngd daemon to move
entropy from /dev/hwrng into /dev/random. It will feed some data to
/dev/random every N seconds (settable, default 60) to mix the random
pool, and will refill the kernel's entropy pool (by default, to 50%)
anytime it gets below there.
> RPi's hardware random number generator uses a "thermal noise"
> entropy source. I asked them but was told there are no further
> public details. So unknown if it is more secure or less.
Perhaps tell rngd that there isn't much entropy per bit? I don't
know how that setting helps or hurts.
> > Does the rPI use its specific capabilities to enhance /dev/random?
>
> On linux/pi the h/w RNG is available under /dev/hwrng.
> /dev/random is their standard "cryptographic pseudo RNG". It
> seems to be extremely slow (80 bits/second) or broken or has
> the wrong default settings.
>
> FreeBSD/pi /dev/random is much much faster @ 33Mibis/sec. AFAIK
> it doesn't use the h/w RNG.
The problem on Linux is probably that they failed to run rngd, the
hardware randomness daemon. (In Debian/Ubuntu it's in the "rng-tools"
package.)
The problem on FreeBSD is that /dev/random doesn't wait for entropy,
it just makes pseudorandomness as fast as it can.
John
More information about the cryptography
mailing list