[Cryptography] The Crypto Pi
Ralf Senderek
crypto at senderek.ie
Sun Jan 25 11:35:41 EST 2015
On Sun, 25 Jan 2015 15:27:09 Ben Laurie wrote:
> quoting me:
>
>> The Crypto Pi needs a random key with at least 128 bits of entropy
>> for every message (AES). The desirable hardware platform would be
>> the beagle bone and the OS OpenBSD to make auditing possible.
>>
>> But there is a problem with the randomness source on the beagle bone.
>> I've monitored the state of the kernel's entropy pool via /proc and
>> found that if you read 10 Bytes from /dev/random the entropy level
>> drops by 52 bits. A short time later reading another 10 Bytes the
beagle
>> blocks for 54 seconds. Reading 20 bytes for the first time removes
>> 116 bit of entropy from the pool and the second read blocks for nearly
>> 70 seconds. The beagle bone needs 143 seconds to recover and to add
>> a 100 bits of entropy back to the pool. There's no rngd running.
>
> I'm not sure what "removing bits from the pool" really means -
> extracting n bits from a pool does not, IMO, remove n bits, or even
> any large fraction of n, from the pool.
Well, I'm referring to the output of :
/bin/cat /proc/sys/kernel/random/entropy_avail
When I read bytes from /dev/random with dd and immediately check this
file again, n bits are missing as a result of the read operation.
So, IMHO, the whole system now has less entropy to feed to /dev/random.
Am I wrong, when I assume that if the content of entropy_avail drops to
zero, /dev/random is supposed to block?
--Ralf
More information about the cryptography
mailing list